Bug#760476: concerning 760476
Hi,
I've thought of an alternative path that doesn't require changes into
applications that close all descriptors but uses some heuristics to
check whether the descriptor is still open (and the same type). If
that looks reasonable I plan to include it in the next release of
gnutls.
https://www.gitorious.org/gnutls/gnutls/commit/684b825f5f78cc7ad1f61be232fd20ee0bc5b56f
https://www.gitorious.org/gnutls/gnutls/commit/e8ffb7944037a45e6f2436a3906ce37e5ea97e3e
On Wed, Oct 29, 2014 at 1:02 PM, Didier 'OdyX' Raboud <odyx@debian.org> wrote:
> Hi Nikos, hi Andreas,
>
> On Tue, 28 Oct 2014 19:11:28 +0100 Andreas Metzler wrote:
>> On 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org> wrote:
>> > I think that the issue should be reassigned to cups and it should be
>> > modified to close the known file descriptors (stdin/stdout/stderr)
>> > instead of all open descriptors.
>>
>> Thanks for the explanation. re-assigning. (I will subscribe to the
>> bug-report to keep me updated)
>
> Thanks to you two for the investigation; I've brought the issue back
> "up" to CUPS's bugtracker, where Michael Sweet wrote on
> https://www.cups.org/str.php?L4484 :
>> So it looks like you also need to fix GNU TLS to only open
>> /dev/urandom when gnutls_global_init() is called and not before.
>
> It appears there's a disagreement between CUPS and GnuTLS on how the
> file descriptors should be managed. It would be nice if one of you could
> have the conversation with Michael directly on the CUSP tracker, without
> me playing the messenger.
>
> Nikos: would that be imaginable?
>
> TIA, cheers,
>
> OdyX
Reply to: