Re: dh_installinit

To: debian-devel@lists.debian.org
Subject: Re: dh_installinit
From: Russ Allbery <rra@debian.org>
Date: Sat, 10 Nov 2007 23:45:01 -0800
Message-id: <[🔎] 87wssp445e.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 87pryh6y0j.fsf@anzu.internal.golden-gryphon.com> (Manoj Srivastava's message of "Sun, 11 Nov 2007 01:29:16 -0600")
References: <[🔎] 47320418.1030008@aliasource.fr> <[🔎] 87mytpoqg9.fsf@windlord.stanford.edu> <[🔎] 1194465540.47321904b069a@webmail.aliacom.local> <[🔎] 87k5otr1fg.fsf@windlord.stanford.edu> <[🔎] 473311F7.7020409@aliasource.fr> <[🔎] 2fly7d7lc1q.fsf@saruman.uio.no> <[🔎] 87wssrxpmr.fsf@windlord.stanford.edu> <[🔎] 87pryh6y0j.fsf@anzu.internal.golden-gryphon.com>

Manoj Srivastava <srivasta@debian.org> writes:
> On Fri, 09 Nov 2007 10:03:40 -0800, Russ Allbery <rra@debian.org> said: 

>> Those file descriptor close loops are somewhat controversial.  Not
>> everyone agrees that they're a good idea, and some upstreams will push
>> back on doing it.  I find them a bit dubious myself; there are various
>> hacks that, while hacks, come in very handy but are broken by daemons
>> that do this.  (Process-inherited Kerberos caches, for example.)

>         Wearing my SELinux hat on, I find that daemons not closing file
>  descriptors when forking children result in a large number of AVC
>  denied messages. Of course, sometimes there are legitimate reasons for
>  not closing the descriptors (and these use cases can then be explicitly
>  allowed in the security policy).  Most cases, though, it seems like the
>  authors are just being lazy.

>From a security standpoint, isn't it clearly better to manage the file
descriptors before invoking the daemon rather than just handing them all
off to the daemon and trusting the daemon to close them?  Insofar as there
is any security impact here (which is dubious in most cases), I'd say that
passing the open debconf file descriptor to the daemon is wrong regardless
of whether the daemon closes it or not.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: dh_installinit
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- dh_installinit
  - From: Sylvain Garcia <sylvain.garcia@aliasource.fr>
- Re: dh_installinit
  - From: Russ Allbery <rra@debian.org>
- Re: dh_installinit
  - From: Sylvain Garcia <sylvain.garcia@aliasource.fr>
- Re: dh_installinit
  - From: Russ Allbery <rra@debian.org>
- Re: dh_installinit
  - From: Sylvain Garcia <sylvain.garcia@aliasource.fr>
- Re: dh_installinit
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: dh_installinit
  - From: Russ Allbery <rra@debian.org>
- Re: dh_installinit
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: RFC: cups as "default" printing system for lenny?
Next by Date: Re: dh_installinit
Previous by thread: Re: dh_installinit
Next by thread: Re: dh_installinit
Index(es):
- Date
- Thread