Your message dated Fri, 29 Oct 2010 13:18:13 +0000 with message-id <E1PBoqT-0006u2-Hi@franck.debian.org> and subject line Bug#538248: fixed in libice 2:1.0.6-2 has caused the Debian Bug report #538248, regarding child processes inherit the listening sockets opened by xsm to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 538248: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538248 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: child processes inherit the listening sockets opened by xsm
- From: Kalle Olavi Niemitalo <kon@iki.fi>
- Date: Fri, 24 Jul 2009 13:46:31 +0300
- Message-id: <878wieicjc.fsf@Astalo.kon.iki.fi>
Package: libice6 Version: 2:1.0.5-1 Severity: normal Tags: patch I'm using Debian sources but not Debian binaries. When I run xsm (x11-session-utils 7.3+1) from ~/.xsession, it creates several sockets and listens to them. The file descriptors it opens for these sockets get pointlessly inherited by child processes, causing warnings from LVM2 utilities. xsm should make the file descriptors close on exec. $ ls -l /proc/$$/fd total 0 lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 0 -> /dev/pts/8 lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 1 -> /dev/pts/8 lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 10 -> /dev/tty lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 2 -> /dev/pts/8 lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 4 -> socket:[201881] lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 5 -> socket:[201882] lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 6 -> socket:[201883] lrwx------ 1 Kalle Kalle 64 Jul 24 13:38 7 -> socket:[201884] $ echo $SESSION_MANAGER local/Astalo:@/tmp/.ICE-unix/22999,unix/Astalo:/tmp/.ICE-unix/22999,inet6/Astalo:49905,inet/Astalo:52368 $ su Password: # vgs File descriptor 4 (socket:[201881]) leaked on vgs invocation. Parent PID 23063: dash File descriptor 5 (socket:[201882]) leaked on vgs invocation. Parent PID 23063: dash File descriptor 6 (socket:[201883]) leaked on vgs invocation. Parent PID 23063: dash File descriptor 7 (socket:[201884]) leaked on vgs invocation. Parent PID 23063: dash VG #PV #LV #SN Attr VSize VFree vgr0a 2 1 0 wz--n- 204.44G 189.44G vgr1a 2 1 0 wz--n- 18.62G 16.62G vgr1b 2 15 0 wz--n- 185.81G 97.12G # netstat -ape | grep '20188[1234]' tcp 0 0 *:52368 *:* LISTEN Kalle 201882 22999/xsm tcp6 0 0 *:49905 *:* LISTEN Kalle 201881 22999/xsm unix 2 [ ACC ] STREAM LISTENING 201883 22999/xsm @/tmp/.ICE-unix/22999 unix 2 [ ACC ] STREAM LISTENING 201884 22999/xsm /tmp/.ICE-unix/22999 # To create these sockets, xsm uses libICE, which in turn uses source code from xtrans. In X11 Release 6 Public Patch #08 <http://www.umich.edu/~archive/x11/r6-src/fixes/fix-08>, IceAcceptConnection() and IceOpenConnection() were changed to call _IceTransSetOption (newconn, TRANS_CLOSEONEXEC, 1); but IceListenForConnections() does no such thing. Because libICE apparently expects callers to access the listening sockets only via the opaque typedef struct _IceListenObj *IceListenObj, and these structures do not survive the address-space change in exec, I don't think it makes sense to keep the file descriptors open across exec either. libice (2:1.0.5-1.kon.1) local; urgency=low * Local version! * Make the sockets opened by IceListenForConnections close on exec. This stops xsm from leaking the $SESSION_MANAGER sockets to all the processes in the session. -- Kalle Olavi Niemitalo <kon@iki.fi> Fri, 24 Jul 2009 13:05:04 +0300 only in patch2: unchanged: --- libice-1.0.5.orig/src/listen.c +++ libice-1.0.5/src/listen.c @@ -76,6 +76,7 @@ for (i = 0; i < transCount; i++) { + _IceTransSetOption (transConns[i], TRANS_CLOSEONEXEC, 1); networkId = _IceTransGetMyNetworkId (transConns[i]); if (networkId) -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.26-1-686 Locale: LANG=fi_FI.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages x11-session-utils depends on: ii cpp 4:4.3.1-2 The GNU C preprocessor (cpp) ii libc6 2.7-16 GNU C Library: Shared libraries ii libice6 2:1.0.5-1 X11 Inter-Client Exchange library ii libsm6 2:1.1.0-2 X11 Session Management library ii libx11-6 2:1.0.0-6 X11 client-side library ii libxaw7 2:1.0.5-2 X11 Athena Widget library ii libxmu6 1:1.0.1-3 X11 miscellaneous utility library ii libxt6 1:1.0.0-4 X11 toolkit intrinsics library ii x11-common 1:7.3+8 X Window System (X.Org) infrastruc Other related packages: ii xtrans-dev 1.2.3-3 X transport library (development fAttachment: pgpNnAK5bIUAS.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 538248-close@bugs.debian.org
- Subject: Bug#538248: fixed in libice 2:1.0.6-2
- From: Cyril Brulebois <kibi@debian.org>
- Date: Fri, 29 Oct 2010 13:18:13 +0000
- Message-id: <E1PBoqT-0006u2-Hi@franck.debian.org>
Source: libice Source-Version: 2:1.0.6-2 We believe that the bug you reported is fixed in the latest version of libice, which is due to be installed in the Debian FTP archive: libice-dev_1.0.6-2_amd64.deb to main/libi/libice/libice-dev_1.0.6-2_amd64.deb libice6-dbg_1.0.6-2_amd64.deb to main/libi/libice/libice6-dbg_1.0.6-2_amd64.deb libice6_1.0.6-2_amd64.deb to main/libi/libice/libice6_1.0.6-2_amd64.deb libice_1.0.6-2.diff.gz to main/libi/libice/libice_1.0.6-2.diff.gz libice_1.0.6-2.dsc to main/libi/libice/libice_1.0.6-2.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 538248@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cyril Brulebois <kibi@debian.org> (supplier of updated libice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 29 Oct 2010 14:56:48 +0200 Source: libice Binary: libice6 libice6-dbg libice-dev Architecture: source amd64 Version: 2:1.0.6-2 Distribution: unstable Urgency: low Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Cyril Brulebois <kibi@debian.org> Description: libice-dev - X11 Inter-Client Exchange library (development headers) libice6 - X11 Inter-Client Exchange library libice6-dbg - X11 Inter-Client Exchange library (debug package) Closes: 538248 Changes: libice (2:1.0.6-2) unstable; urgency=low . [ Julien Cristau ] * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no good reason. Thanks, Colin Watson! * Remove myself from Uploaders . [ Cyril Brulebois ] * Cherry-pick from upstream: + 0001-Set-the-close-on-exec-flag-for-listening-sockets.patch: Stop leaking listening sockets by setting the close on exec flag on them. Thanks to Kalle Olavi Niemitalo (Closes: #538248). [From upstream 1967c04c0] * Add myself to Uploaders. Checksums-Sha1: 09a8a787aa1900a695d1764f88655e84ba3e21ab 1324 libice_1.0.6-2.dsc 28a8a56c52f4e74eceec8b150993bec506bc36df 15162 libice_1.0.6-2.diff.gz 15deda7d5713a29e395b0fae2b400eb58f64e779 53832 libice6_1.0.6-2_amd64.deb 838bb523ae903423947a338b00df809b1bfa1c77 85444 libice6-dbg_1.0.6-2_amd64.deb 2dcb165128e00766cc91f70ff86ef6a4f25632f2 65792 libice-dev_1.0.6-2_amd64.deb Checksums-Sha256: 3a616fe59f2971109b60bd4b2107777cc8bc33c581c52417cbddb81f5ae5870f 1324 libice_1.0.6-2.dsc 9b485ca6cb9d12e155c2ba7ef31ac54c3fcb819c26b6ab7f146b8bde626f3069 15162 libice_1.0.6-2.diff.gz 88ab6db2e9efad33521f3b414fd049de6082eae2bdfdc307d0625389701c4db6 53832 libice6_1.0.6-2_amd64.deb a766c923d7f5f94be63862d9ce684c55d804a10d9ae56c06e03beed93c6c1db0 85444 libice6-dbg_1.0.6-2_amd64.deb 07fb57dd3d39552ee14fb5df1a65887a46581d9a02cf2533da8a1eb6cc3f3cfa 65792 libice-dev_1.0.6-2_amd64.deb Files: 977f2043246dfc7dde607ebb28d64f0b 1324 x11 optional libice_1.0.6-2.dsc ce8bb7a730619f17c36b5ecd26e93f3f 15162 x11 optional libice_1.0.6-2.diff.gz 5ef05e3a3b54e159fe97226ce9f5cc7a 53832 libs optional libice6_1.0.6-2_amd64.deb cad55ea0fdbccabfab3be94912c5a36a 85444 debug extra libice6-dbg_1.0.6-2_amd64.deb 66667d87b43582a13c4fd54b38da507b 65792 libdevel optional libice-dev_1.0.6-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkzKyAYACgkQeGfVPHR5Nd39XwCfTMt9hYdj91i0a5w7ifiXrngJ GIcAn1JU1IrwPsEVc0CUQxxWp/COk8i/ =sbrU -----END PGP SIGNATURE-----
--- End Message ---