Package: seahorse
Version: 2.22.3-1
Severity: normal
Tags: security

Seahorse leaks file descriptors to processes started with "seahorse-agent --execute", including the gpg agent listening socket. For the default setup, this means that all processes started from the desktop inherit those FDs and can possibly use them.

This can be a security issue because the FDs are also inherited by processes started with su as a different user, which normally would not have access to the gpg key and gpg agent socket.

Seahorse should use fcntl to set FD_CLOEXEC on its FDs.

PS: LVM complains about the open FDs, too:

$ su
Password:
# lvs
File descriptor 8 left open
File descriptor 9 left open
File descriptor 13 left open
...

PPS: You can use filan from the socat package to display information about the open FDs.
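
The fix the report asks for, sketched as an added example (this is not Seahorse's code): set FD_CLOEXEC with fcntl on one descriptor, and sweep all open descriptors above stderr before a child is executed. The function names and the AF_UNIX socket standing in for the agent's listening socket are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set FD_CLOEXEC, preserving any other descriptor flags. 0 on success. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;                      /* fd is not open */
    if (flags & FD_CLOEXEC)
        return 0;                       /* already sealed */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* 1 if fd is open and would be inherited across exec(), else 0. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Mark every open descriptor above stderr close-on-exec.
 * Returns the number of descriptors that were changed. */
int seal_inherited_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int changed = 0;
    if (max < 0 || max > 65536)
        max = 65536;                    /* bound the scan */
    for (int fd = 3; fd < max; fd++)
        if (survives_exec(fd) && set_cloexec(fd) == 0)
            changed++;
    return changed;
}

/* Hypothetical stand-in for the agent's listening socket.
 * By default a new socket does NOT have FD_CLOEXEC set. */
int open_agent_like_socket(void)
{
    return socket(AF_UNIX, SOCK_STREAM, 0);
}

int main(void)
{
    int fd = open_agent_like_socket();
    printf("fd %d inherited before fix: %d\n", fd, survives_exec(fd));
    set_cloexec(fd);
    printf("fd %d inherited after fix:  %d\n", fd, survives_exec(fd));
    close(fd);
    return 0;
}
```

Setting the flag when each descriptor is created is the more robust form of the fix; the sweep is a backstop for descriptors opened by libraries the program does not control.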