Bug#601649: apt: leaks fd to history.log
Package: apt
Version: 0.8.6
Severity: normal
Tags: patch
Consider this:
master@doggy:~/src/apt$ sudo lsof -p7526
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
pcscd 7526 root cwd DIR 254,1 4096 2 /
pcscd 7526 root rtd DIR 254,1 4096 2 /
pcscd 7526 root txt REG 254,1 102344 3481724 /usr/sbin/pcscd
pcscd 7526 root mem REG 254,1 90504 12165132 /lib/libgcc_s.so.1
pcscd 7526 root mem REG 254,1 1432968 12165514 /lib/libc-2.11.2.so
pcscd 7526 root mem REG 254,1 31744 12165517 /lib/librt-2.11.2.so
pcscd 7526 root mem REG 254,1 131260 12165516 /lib/libpthread-2.11.2.so
pcscd 7526 root mem REG 254,1 261656 12165152 /lib/libdbus-1.so.3.4.0
pcscd 7526 root mem REG 254,1 64904 7016809 /usr/lib/libhal.so.1.0.0
pcscd 7526 root mem REG 254,1 14696 12165512 /lib/libdl-2.11.2.so
pcscd 7526 root mem REG 254,1 128744 12166360 /lib/ld-2.11.2.so
pcscd 7526 root mem REG 254,1 65537 12681220 /var/run/pcscd/pcscd.pub
pcscd 7526 root 0u CHR 1,3 1295 /dev/null
pcscd 7526 root 1u CHR 1,3 1295 /dev/null
pcscd 7526 root 2u CHR 1,3 1295 /dev/null
pcscd 7526 root 3u REG 254,1 65537 12681220 /var/run/pcscd/pcscd.pub
pcscd 7526 root 4u unix 0xffff88011f978000 141590 /var/run/pcscd/pcscd.comm
pcscd 7526 root 5u unix 0xffff880138fd3600 141626 socket
pcscd 7526 root 7u unix 0xffff88013ba94600 634363 /var/run/pcscd/pcscd.comm
pcscd 7526 root 8u unix 0xffff88011f979b00 163816 socket
pcscd 7526 root 9u unix 0xffff88011f9e4900 867065 /var/run/pcscd/pcscd.comm
pcscd 7526 root 46w REG 254,1 5008 12550526 /var/log/apt/history.log
This is (most probably) the pcscd installed through "aptitude install
pcscd", which means that apt leaks the file descriptor to the
history.log all the way to started daemons!
The attached patch, not really tested, should fix this. It makes apt
incompatible with another libc than glibc, and with glibc < 2.7. This
means it makes apt incompatible with etch; policy-wise this is no
problem since Debian does not support "jumping releases" on updates,
so this patch would even be OK for squeeze, even though I understand
it could make it only to squeeze+1.
I'm not sure what would happen on e.g. Debian GNU/kFreeBSD. Maybe we
are better off either doing open() and then fcntl() to enable
FD_CLOEXEC, or even to close it by hand between fork() and exec().
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Acquire "";
APT::Acquire::Translation "environment";
APT::Update "";
APT::Update::Post-Invoke "";
APT::Update::Post-Invoke:: "[ ! -x /usr/lib/ia32-libs-tools/update-arch-all.list ] || /usr/lib/ia32-libs-tools/update-arch-all.list";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "[ ! -f /var/run/dbus/system_bus_socket ] || /usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt org.debian.apt.CacheChanged || true";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
APT::Cache-Limit "201326592";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "/var/lib/apt/extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Acquire "";
Acquire::CompressionTypes "";
Acquire::CompressionTypes::Order "";
Acquire::CompressionTypes::Order:: "lzma";
Acquire::CompressionTypes::Order:: "bzip2";
Acquire::CompressionTypes::Order:: "gz";
Unattended-Upgrade "";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "Debian stable";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
CommandLine "";
CommandLine::AsString "apt-config dump";
-- /etc/apt/preferences --
Package: *
Pin: release a=stable
Pin-Priority: 500
Package: *
Pin: release a=testing
Pin-Priority: 400
Package: *
Pin: release a=unstable
Pin-Priority: 300
Package: *
Pin: release a=unstable-i386
Pin-Priority: 250
Package: *
Pin: release a=testing-i386
Pin-Priority: 260
Package: *
Pin: release a=stable-i386
Pin-Priority: 270
-- (/etc/apt/sources.list present, but not submitted) --
-- System Information:
Debian Release: squeeze/sid
APT prefers stable
APT policy: (500, 'stable'), (400, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apt depends on:
ii debian-archive-keyring 2010.08.28~lenny1 GnuPG archive keys of the Debian a
ii gnupg 1.4.9-3+lenny1 GNU privacy guard - a free PGP rep
ii libc6 2.11.2-5 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.4-8 GCC support library
ii libstdc++6 4.4.4-8 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
apt recommends no packages.
Versions of packages apt suggests:
pn apt-doc <none> (no description available)
ii aptitude 0.6.3-3.1 terminal-based package manager (te
ii bzip2 1.0.5-1 high-quality block-sorting file co
ii dpkg-dev 1.15.8.4 Debian package development tools
ii lzma 4.43-14 Compression method of 7z format in
ii python-apt 0.7.97.1 Python interface to libapt-pkg
-- no debconf information
diff --recursive -uN apt-0.8.7/apt-pkg/deb/dpkgpm.cc apt-0.8.7.lio/apt-pkg/deb/dpkgpm.cc
--- apt-0.8.7/apt-pkg/deb/dpkgpm.cc 2010-09-06 18:08:43.000000000 +0200
+++ apt-0.8.7.lio/apt-pkg/deb/dpkgpm.cc 2010-10-28 06:22:33.000000000 +0200
@@ -669,7 +669,7 @@
_config->Find("Dir::Log::History"));
if (!history_name.empty())
{
- history_out = fopen(history_name.c_str(),"a");
+ history_out = fopen(history_name.c_str(),"ae");
if (history_out == NULL)
return _error->WarningE("OpenLog", _("Could not open file '%s'"), history_name.c_str());
chmod(history_name.c_str(), 0644);
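Review bot: the "ae" mode string on the changed fopen() line relies on the "e" flag, which the report itself says ties apt to glibc >= 2.7; the C standard leaves behaviour undefined for mode strings it does not list, so another libc may ignore or reject it. A more portable form keeps "a" and, right after the history_out == NULL check, calls fcntl(fileno(history_out), F_SETFD, FD_CLOEXEC) and warns if that fails. Since the change is described as not really tested, confirm with lsof on a daemon started from a maintainer script that /var/log/apt/history.log no longer shows up among its descriptors.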
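The leak and the two fixes named in the report (the "e" mode of fopen(), and open followed by fcntl() to set FD_CLOEXEC), as an added C example that is not part of the original report or of apt's code. The scratch path, the function names and the /proc/self/fd probe (which assumes Linux with /proc mounted) are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Portable alternative to fopen(path, "ae"): set FD_CLOEXEC by hand. */
static int set_cloexec(FILE *f)
{
    int flags = fcntl(fileno(f), F_GETFD);
    return flags == -1 ? -1 : fcntl(fileno(f), F_SETFD, flags | FD_CLOEXEC);
}

/* Open a scratch log with `mode`, fork + exec /bin/sh, and ask the new program
 * whether it still holds the fd: 1 = leaked, 0 = closed on exec, -1 = error. */
int log_fd_leaks(const char *mode, int harden)
{
    char path[] = "/tmp/history-demo-XXXXXX";  /* constructed scratch file */
    int tmp = mkstemp(path);
    if (tmp == -1) return -1;
    close(tmp);
    FILE *log = fopen(path, mode);
    if (log == NULL || (harden && set_cloexec(log) == -1)) {
        if (log) fclose(log);
        unlink(path);
        return -1;
    }
    char probe[64];  /* assumption: Linux with /proc mounted */
    snprintf(probe, sizeof probe, "test -e /proc/self/fd/%d", fileno(log));
    int status = -1;  /* stays -1 (not "exited") if fork() fails */
    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", probe, (char *)NULL);
        _exit(127);  /* exec failed */
    }
    if (pid > 0)
        waitpid(pid, &status, 0);
    fclose(log);
    unlink(path);
    if (!WIFEXITED(status) || WEXITSTATUS(status) > 1) return -1;
    return WEXITSTATUS(status) == 0;  /* test -e succeeded: fd was inherited */
}

int main(void)
{
    printf("\"a\": %d  \"a\"+fcntl: %d  \"ae\": %d\n", log_fd_leaks("a", 0),
           log_fd_leaks("a", 1), log_fd_leaks("ae", 0));
    return 0;
}
```

The plain "a" case corresponds to the `46w` line in the lsof output above: the descriptor outlives exec() and ends up in whatever the child becomes.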