[Linux-HA] File descriptors in heartbeat V1
Alan Robertson
alanr at unix.sh
Wed Oct 26 10:04:55 MDT 2005
Simon Rowe wrote:
> On Wednesday 26 Oct 2005 15:02, Alan Robertson wrote:
>
>> Well... It's only a security problem if they read or write them. Only
>> the appropriate child processes read or write them.
>
> If the child process doesn't need them then they should be closed.
>
>> It's only a resource problem if they were different file descriptors.
>> In the kernel, they're all the same file descriptor - so no additional
>> resources are consumed.
>
> I was thinking more that it reduces the number of fds a process could open.
> This isn't an issue in reality because the child processes only need a few
> fds.
Right.
>> It wouldn't be so hard to close the _media_ file descriptors that aren't
>> needed. But, I don't know of any attacks that can take advantage of
>> them being open.
>
> You really should close those fds that aren't required, not knowing of any
> existing attacks isn't a good enough protection. There's nothing to stop
> someone discovering a vulnerability in the serial plugin and then using to
> launch a DOS via the ethernet fd.
OK...
http://www.osdl.org/developer_bugzilla/show_bug.cgi?id=929
If you create yourself an account on our bugzilla server, then you can
add yourself to the CC list for this bug.
--
Alan Robertson <alanr at unix.sh>
"Openness is the foundation and preservative of friendship... Let me
claim from you at all times your undisguised opinions." - William
Wilberforce
More information about the Linux-HA
mailing list