[Linux-HA] File descriptors in heartbeat V1
Simon Rowe
srowe at cambridgebroadband.com
Wed Oct 26 08:11:55 MDT 2005
On Wednesday 26 Oct 2005 15:02, Alan Robertson wrote:
> Well... It's only a security problem if they read or write them. Only
> the appropriate child processes read or write them.
If the child process doesn't need them then they should be closed.
> It's only a resource problem if they were different file descriptors.
> In the kernel, they're all the same file descriptor - so no additional
> resources are consumed.
I was thinking more that it reduces the number of fds a process could open.
This isn't an issue in reality because the child processes only need a few
fds.
> It wouldn't be so hard to close the _media_ file descriptors that aren't
> needed. But, I don't know of any attacks that can take advantage of
> them being open.
You really should close those fds that aren't required, not knowing of any
existing attacks isn't a good enough protection. There's nothing to stop
someone discovering a vulnerability in the serial plugin and then using to
launch a DOS via the ethernet fd.
More information about the Linux-HA
mailing list