
Re: dh_installinit

Manoj Srivastava <srivasta@debian.org> writes:
> On Fri, 09 Nov 2007 10:03:40 -0800, Russ Allbery <rra@debian.org> said: 

>> Those file descriptor close loops are somewhat controversial.  Not
>> everyone agrees that they're a good idea, and some upstreams will push
>> back on doing it.  I find them a bit dubious myself; there are various
>> hacks that, while hacks, come in very handy but are broken by daemons
>> that do this.  (Process-inherited Kerberos caches, for example.)

>         Wearing my SELinux hat on, I find that daemons not closing file
>  descriptors when forking children result in a large number of AVC
>  denied messages. Of course, sometimes there are legitimate reasons for
>  not closing the descriptors (and these use cases can then be explicitly
>  allowed in the security policy).  Most cases, though, it seems like the
>  authors are just being lazy.

From a security standpoint, isn't it clearly better to manage the file
descriptors before invoking the daemon rather than just handing them all
off to the daemon and trusting the daemon to close them?  Insofar as there
is any security impact here (which is dubious in most cases), I'd say that
passing the open debconf file descriptor to the daemon is wrong regardless
of whether the daemon closes it or not.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
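
An added illustration, not part of the original message or of any Debian tool: a shell sketch of the launcher-side approach discussed above, where the invoking script closes inherited descriptors before starting the daemon instead of relying on the daemon to do it. The function names and the use of descriptor 3 as the inherited descriptor are assumptions made for the example.

```shell
#!/bin/sh
# Added example; run_clean and child_sees_fd3 are hypothetical names.

# Probe executed inside the child: reports whether descriptor 3 is open there.
PROBE='if ( : >&3 ) 2>/dev/null; then echo open; else echo closed; fi'

# Run "$@" with descriptors 3-9 closed, keeping only stdin/stdout/stderr.
# POSIX sh redirection syntax only covers single-digit descriptors; anything
# above 9 would need a different mechanism (not shown here).
run_clean() {
    (
        fd=3
        while [ "$fd" -le 9 ]; do
            eval "exec $fd>&-"      # closing an already-closed fd is harmless
            fd=$((fd + 1))
        done
        exec "$@"
    )
}

# Simulate a parent that holds descriptor 3 open, then start a child either
# directly ("inherit") or through run_clean ("clean"), and print what the
# child sees.
child_sees_fd3() {
    mode=$1
    (
        exec 3>/dev/null            # constructed stand-in for an inherited descriptor
        if [ "$mode" = clean ]; then
            run_clean sh -c "$PROBE"
        else
            sh -c "$PROBE"
        fi
    )
}

echo "started directly:  fd 3 is $(child_sees_fd3 inherit)"
echo "started via run_clean: fd 3 is $(child_sees_fd3 clean)"
```

With this arrangement a legitimately inherited descriptor is a deliberate exception made in the launcher, which is also the place an SELinux policy author would look for it.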
