On Wed, Jul 08, 2009 at 02:21:05PM +0100, Alasdair G Kergon wrote: Hi,
> It's often an indication of a careless programming and can lead to > security problems if a child process inherits access to a rogue file > descriptor and can interfere with it. The messages were added during a > bug investigation to prove that LVM was not involved. > > selinux with a strict policy now also detects this sort of bug. > > They can be suppressed by setting the (deliberately-undocumented) > environment variable LVM_SUPPRESS_FD_WARNINGS, but really, the source of > the problem you're seeing should be addressed instead of ignoring the > symptoms. I don't agree; surely, following the above argumentation, each and every program should go out of its way to close any inherited file descriptor it didn't expect, and warn the user about them. Incidentally, this would make chpst -l (which relies on obtaining a lock on a file and then passing this filedescriptor on to its child, which it execs without a fork) useless. In my case, I know where the stray FD is coming from: I'm invoking lvm utilities from a zsh script that has a logging coprocess, and it does an "exec >&p" early on so that all output of any programs invoked goes to the coprocess instead of stdout. Child processes inherit a pipe to the coprocess, but this isn't a problem that needs to be addressed; it has no ill effects and certainly doesn't warrant an obnoxious warning I can only turn off by relying on an undocumented feature. I certainly agree that the warnings are a good debugging aid, but making them unnecessarily hard to turn off is, in my opinion, contrary to the unix philosophy, which entails letting the user shoot himself in the foot if he wants, and not assuming that your program is necessarily smarter than the person running it, or that the developer was able to anticipate all circumstances his or her program might be run in. I think --quiet should get rid of these warnings too; you should assume that anyone who goes out of their way to specify --quiet really does want the utility to be quiet except when critical errors occur. It's what --quiet should do, and what the documentation implies --quiet does. Anyway, thank you for the hint about LVM_SUPPRESS_FD_WARNINGS, and sorry about the ranting. Andras -- Andras Korn <korn at elan.rulez.org> - <http://chardonnay.math.bme.hu/~korn/> When in darkness or in doubt, run in circles, scream and shout. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
