NetBSD Problem Report #48988

From mm_lists@pulsar-zone.net  Sat Jul 12 12:16:36 2014
Return-Path: <mm_lists@pulsar-zone.net>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id BCA13A6531
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 12 Jul 2014 12:16:36 +0000 (UTC)
Message-Id: <201407121216.s6CCGXXY009310@ginseng.pulsar-zone.net>
Date: Sat, 12 Jul 2014 08:16:33 -0400
From: Matthew Mondor <mm_lists@pulsar-zone.net>
To: gnats-bugs@gnats.NetBSD.org
Subject: Strange init-inherited? descriptors on netbsd-6

>Number:         48988
>Category:       bin
>Synopsis:       Strange init-inherited? descriptors on netbsd-6
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          analyzed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 12 12:20:00 +0000 2014
>Closed-Date:    
>Last-Modified:  Mon Dec 15 09:20:00 +0000 2014
>Originator:     Matthew Mondor
>Release:        NetBSD 6.1_STABLE
>Organization:
>Environment:
System: NetBSD ninja.xisop 6.1_STABLE NetBSD 6.1_STABLE (GENERIC_MM) #3: Mon Jul 1 19:08:46 EDT 2013 root@ninja.xisop:/usr/obj/sys/arch/amd64/compile/GENERIC_MM amd64
Architecture: x86_64
Machine: amd64
>Description:

I noticed lately that a daemon I wrote sometimes had unexpected extra
descriptors.  Then I realized that this only occurs when it is started
at boot, and that many programs are affected.  This does not occur on
netbsd-5.  I don't think it's a critical security or resources issue
yet, but I assume that it's a bug and that it can be fixed.  I also
assume that those descriptors are inherited from init, but a quick grep
for close-on-exec, pipe or socketpair related searches did not show
matches, and I've not had the time to audit the init code yet.

It's also unclear yet why fstat falls back to flags mode for two of the
three leaking descriptors (and it's not related to my other fstat
related bin/48925 PR).

I noticed that some daemons are particularily careful to close all
potential descriptors after dup2(2), such as an ircd; but most
otherwise well-behaving daemons are affected.

>How-To-Repeat:

# fstat
[...]
root     cron         710    7 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     cron         710    8 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     cron         710    9* pipe 0xfffffe810ecffdc0 -> 0x0 w
[...]
root     inetd        729    7 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     inetd        729    8 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     inetd        729    9* pipe 0xfffffe810ecffdc0 -> 0x0 w
[...]
root     powerd       373    7 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     powerd       373    8 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     powerd       373    9* pipe 0xfffffe810ecffdc0 -> 0x0 w
[...]
root     syslogd      172    7 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     syslogd      172    8 flags 0x280014<ISTTY,MPSAFE,CLEAN,INACTREDO>
root     syslogd      172    9* pipe 0xfffffe810ecffdc0 -> 0x0 w
[...various other system and third party daemons, and sh scripts...]

>Fix:
	Unknown yet, to analyse

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->analyzed
State-Changed-By: mlelstv@NetBSD.org
State-Changed-When: Mon, 15 Dec 2014 08:45:23 +0000
State-Changed-Why:
rc.subr ist the culprit


From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@gnats.netbsd.org
Cc: 
Subject: Re: bin/48988 Strange init-inherited? descriptors on netbsd-6
Date: Mon, 15 Dec 2014 10:14:00 +0100

 The reason for the open file descriptors is the rc framework
 that tries to handle logging and interactive I/O.

 Currently 3 file descriptors are opened additionally when running
 an rc script:

 fd 7 -> $_rc_original_stdout_fd
 fd 8 -> $_rc_original_stderr_fd
 fd 9 -> $_rc_postprocessor_fd

 It's not always possible to close the descriptors, but for
 standard scripts that are executed in a subprocess that
 should be possible.

 N.B. lvm prints ugly warning messages when it sees the
 descriptors.


 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.