Bug#538248: marked as done (child processes inherit the listening sockets opened by xsm)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 29 Oct 2010 13:18:13 +0000
with message-id <E1PBoqT-0006u2-Hi@franck.debian.org>
and subject line Bug#538248: fixed in libice 2:1.0.6-2
has caused the Debian Bug report #538248,
regarding child processes inherit the listening sockets opened by xsm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
538248: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538248
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: child processes inherit the listening sockets opened by xsm
• From: Kalle Olavi Niemitalo <kon@iki.fi>
• Date: Fri, 24 Jul 2009 13:46:31 +0300
• Message-id: <878wieicjc.fsf@Astalo.kon.iki.fi>

Package: libice6
Version: 2:1.0.5-1
Severity: normal
Tags: patch

I'm using Debian sources but not Debian binaries.

When I run xsm (x11-session-utils 7.3+1) from ~/.xsession,
it creates several sockets and listens to them.  The file
descriptors it opens for these sockets get pointlessly inherited
by child processes, causing warnings from LVM2 utilities.
xsm should make the file descriptors close on exec.

$ ls -l /proc/$$/fd
total 0
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 0 -> /dev/pts/8
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 1 -> /dev/pts/8
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 10 -> /dev/tty
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 2 -> /dev/pts/8
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 4 -> socket:[201881]
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 5 -> socket:[201882]
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 6 -> socket:[201883]
lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 7 -> socket:[201884]
$ echo $SESSION_MANAGER
local/Astalo:@/tmp/.ICE-unix/22999,unix/Astalo:/tmp/.ICE-unix/22999,inet6/Astalo:49905,inet/Astalo:52368
$ su
Password: 
# vgs
File descriptor 4 (socket:[201881]) leaked on vgs invocation. Parent PID 23063: dash
File descriptor 5 (socket:[201882]) leaked on vgs invocation. Parent PID 23063: dash
File descriptor 6 (socket:[201883]) leaked on vgs invocation. Parent PID 23063: dash
File descriptor 7 (socket:[201884]) leaked on vgs invocation. Parent PID 23063: dash
  VG    #PV #LV #SN Attr   VSize   VFree  
  vgr0a   2   1   0 wz--n- 204.44G 189.44G
  vgr1a   2   1   0 wz--n-  18.62G  16.62G
  vgr1b   2  15   0 wz--n- 185.81G  97.12G
# netstat -ape | grep '20188[1234]'
tcp        0      0 *:52368                 *:*                     LISTEN     Kalle      201882     22999/xsm           
tcp6       0      0 *:49905                 *:*                     LISTEN     Kalle      201881     22999/xsm           
unix  2      [ ACC ]     STREAM     LISTENING     201883   22999/xsm           @/tmp/.ICE-unix/22999
unix  2      [ ACC ]     STREAM     LISTENING     201884   22999/xsm           /tmp/.ICE-unix/22999
# 

To create these sockets, xsm uses libICE, which in turn uses
source code from xtrans.  In X11 Release 6 Public Patch #08
<http://www.umich.edu/~archive/x11/r6-src/fixes/fix-08>,
IceAcceptConnection() and IceOpenConnection() were changed to
call _IceTransSetOption (newconn, TRANS_CLOSEONEXEC, 1); but
IceListenForConnections() does no such thing.  Because libICE
apparently expects callers to access the listening sockets only
via the opaque typedef struct _IceListenObj *IceListenObj, and
these structures do not survive the address-space change in exec,
I don't think it makes sense to keep the file descriptors open
across exec either.

libice (2:1.0.5-1.kon.1) local; urgency=low

  * Local version!
  * Make the sockets opened by IceListenForConnections close on exec.
    This stops xsm from leaking the $SESSION_MANAGER sockets to all the
    processes in the session.

 -- Kalle Olavi Niemitalo <kon@iki.fi>  Fri, 24 Jul 2009 13:05:04 +0300

only in patch2:
unchanged:
--- libice-1.0.5.orig/src/listen.c
+++ libice-1.0.5/src/listen.c
@@ -76,6 +76,7 @@
 
     for (i = 0; i < transCount; i++)
     {
+	_IceTransSetOption (transConns[i], TRANS_CLOSEONEXEC, 1);
 	networkId = _IceTransGetMyNetworkId (transConns[i]);
 
 	if (networkId)

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.26-1-686
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages x11-session-utils depends on:
ii  cpp                           4:4.3.1-2  The GNU C preprocessor (cpp)
ii  libc6                         2.7-16     GNU C Library: Shared libraries
ii  libice6                       2:1.0.5-1  X11 Inter-Client Exchange library
ii  libsm6                        2:1.1.0-2  X11 Session Management library
ii  libx11-6                      2:1.0.0-6  X11 client-side library
ii  libxaw7                       2:1.0.5-2  X11 Athena Widget library
ii  libxmu6                       1:1.0.1-3  X11 miscellaneous utility library
ii  libxt6                        1:1.0.0-4  X11 toolkit intrinsics library
ii  x11-common                    1:7.3+8    X Window System (X.Org) infrastruc

Other related packages:
ii  xtrans-dev                    1.2.3-3    X transport library (development f

Attachment: pgpNnAK5bIUAS.pgp
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: 538248-close@bugs.debian.org
• Subject: Bug#538248: fixed in libice 2:1.0.6-2
• From: Cyril Brulebois <kibi@debian.org>
• Date: Fri, 29 Oct 2010 13:18:13 +0000
• Message-id: <E1PBoqT-0006u2-Hi@franck.debian.org>

Source: libice
Source-Version: 2:1.0.6-2

We believe that the bug you reported is fixed in the latest version of
libice, which is due to be installed in the Debian FTP archive:

libice-dev_1.0.6-2_amd64.deb
  to main/libi/libice/libice-dev_1.0.6-2_amd64.deb
libice6-dbg_1.0.6-2_amd64.deb
  to main/libi/libice/libice6-dbg_1.0.6-2_amd64.deb
libice6_1.0.6-2_amd64.deb
  to main/libi/libice/libice6_1.0.6-2_amd64.deb
libice_1.0.6-2.diff.gz
  to main/libi/libice/libice_1.0.6-2.diff.gz
libice_1.0.6-2.dsc
  to main/libi/libice/libice_1.0.6-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 538248@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated libice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 29 Oct 2010 14:56:48 +0200
Source: libice
Binary: libice6 libice6-dbg libice-dev
Architecture: source amd64
Version: 2:1.0.6-2
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description: 
 libice-dev - X11 Inter-Client Exchange library (development headers)
 libice6    - X11 Inter-Client Exchange library
 libice6-dbg - X11 Inter-Client Exchange library (debug package)
Closes: 538248
Changes: 
 libice (2:1.0.6-2) unstable; urgency=low
 .
   [ Julien Cristau ]
   * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
     good reason.  Thanks, Colin Watson!
   * Remove myself from Uploaders
 .
   [ Cyril Brulebois ]
   * Cherry-pick from upstream:
     + 0001-Set-the-close-on-exec-flag-for-listening-sockets.patch:
       Stop leaking listening sockets by setting the close on exec flag on
       them. Thanks to Kalle Olavi Niemitalo (Closes: #538248).
       [From upstream 1967c04c0]
   * Add myself to Uploaders.
Checksums-Sha1: 
 09a8a787aa1900a695d1764f88655e84ba3e21ab 1324 libice_1.0.6-2.dsc
 28a8a56c52f4e74eceec8b150993bec506bc36df 15162 libice_1.0.6-2.diff.gz
 15deda7d5713a29e395b0fae2b400eb58f64e779 53832 libice6_1.0.6-2_amd64.deb
 838bb523ae903423947a338b00df809b1bfa1c77 85444 libice6-dbg_1.0.6-2_amd64.deb
 2dcb165128e00766cc91f70ff86ef6a4f25632f2 65792 libice-dev_1.0.6-2_amd64.deb
Checksums-Sha256: 
 3a616fe59f2971109b60bd4b2107777cc8bc33c581c52417cbddb81f5ae5870f 1324 libice_1.0.6-2.dsc
 9b485ca6cb9d12e155c2ba7ef31ac54c3fcb819c26b6ab7f146b8bde626f3069 15162 libice_1.0.6-2.diff.gz
 88ab6db2e9efad33521f3b414fd049de6082eae2bdfdc307d0625389701c4db6 53832 libice6_1.0.6-2_amd64.deb
 a766c923d7f5f94be63862d9ce684c55d804a10d9ae56c06e03beed93c6c1db0 85444 libice6-dbg_1.0.6-2_amd64.deb
 07fb57dd3d39552ee14fb5df1a65887a46581d9a02cf2533da8a1eb6cc3f3cfa 65792 libice-dev_1.0.6-2_amd64.deb
Files: 
 977f2043246dfc7dde607ebb28d64f0b 1324 x11 optional libice_1.0.6-2.dsc
 ce8bb7a730619f17c36b5ecd26e93f3f 15162 x11 optional libice_1.0.6-2.diff.gz
 5ef05e3a3b54e159fe97226ce9f5cc7a 53832 libs optional libice6_1.0.6-2_amd64.deb
 cad55ea0fdbccabfab3be94912c5a36a 85444 debug extra libice6-dbg_1.0.6-2_amd64.deb
 66667d87b43582a13c4fd54b38da507b 65792 libdevel optional libice-dev_1.0.6-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzKyAYACgkQeGfVPHR5Nd39XwCfTMt9hYdj91i0a5w7ifiXrngJ
GIcAn1JU1IrwPsEVc0CUQxxWp/COk8i/
=sbrU
-----END PGP SIGNATURE-----

--- End Message ---