Bug#592224: libice6 - Creates UNIX socket names including the pid
Package: libice6
Version: 2:1.0.6-1
Severity: normal
libice creates UNIX sockets whose names include the pid of the creating
process:
| $ netstat -len 2>/dev/null | grep ICE
| unix 2 [ ACC ] STREAM LISTENING 7460 @/tmp/.ICE-unix/2389
| unix 2 [ ACC ] STREAM LISTENING 7461 /tmp/.ICE-unix/2389
The pid value as seen by the process itself via getpid(2) on Linux is
no longer unique if pid namespaces or the process freezer are in use.
Also, other processes may see a different pid for it.

Please use something more random for creating these socket names, as they
are communicated via an environment variable (SESSION_MANAGER) anyway.

My current project is a kiosk multiseat system. Every seat runs within
its own mount namespace (so it has a completely separated filesystem)
and pid namespace (so it can't see any processes outside). But as every
seat is set up the same way and no network namespaces are in use, the X
session manager gets the same pid and the ICE socket name is already
taken.
Bastian
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.34-1-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libice6 depends on:
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii x11-common 1:7.5+6 X Window System (X.Org) infrastruc
libice6 recommends no packages.
libice6 suggests no packages.
-- no debconf information
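
The collision described in the report, as an added example that is not part of the original bug report or of libICE's code: abstract UNIX sockets are scoped to the network namespace, so two listeners that derive the name from the same pid value clash with EADDRINUSE, while a random name does not. The directory `/tmp/.ICE-unix-example/` and all function names are constructed for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#define EX_DIR "/tmp/.ICE-unix-example/" /* constructed; not the real ICE dir */

/* Bind + listen on an abstract socket. Returns the fd, or -errno. */
int listen_abstract(const char *name)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    size_t n = strlen(name);
    if (n + 1 > sizeof sa.sun_path) return -ENAMETOOLONG;
    memcpy(sa.sun_path + 1, name, n);     /* leading NUL byte = abstract */
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    socklen_t len = (socklen_t)(sizeof(sa_family_t) + 1 + n);
    if (bind(fd, (struct sockaddr *)&sa, len) == 0 && listen(fd, 8) == 0)
        return fd;
    int e = errno;
    close(fd);
    return -e;
}

/* Naming scheme from the report: the pid as getpid(2) reports it. */
int pid_name(char *buf, size_t sz, long pid)
{
    int r = snprintf(buf, sz, EX_DIR "%ld", pid);
    return (r < 0 || (size_t)r >= sz) ? -1 : 0;
}

/* Requested alternative: 128 bits from the kernel CSPRNG, hex-encoded. */
int random_name(char *buf, size_t sz)
{
    unsigned long long r[2];
    if (getrandom(r, sizeof r, 0) != (ssize_t)sizeof r) return -1;
    int n = snprintf(buf, sz, EX_DIR "%016llx%016llx", r[0], r[1]);
    return (n < 0 || (size_t)n >= sz) ? -1 : 0;
}

int main(void)
{
    char a[64], b[64];
    if (pid_name(a, sizeof a, 2389) || random_name(b, sizeof b)) return 1;
    int s1 = listen_abstract(a), s2 = listen_abstract(a); /* same pid twice */
    printf("%d %d %d\n", s1, s2, listen_abstract(b));     /* s2 is -EADDRINUSE */
    return 0;
}
```

The two `listen_abstract(a)` calls stand in for two seats whose session managers both see pid 2389 inside their own pid namespace while sharing one network namespace.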