[Linux-HA] File descriptors in heartbeat V1

Alan Robertson alanr at unix.sh
Wed Oct 26 10:04:55 MDT 2005


Simon Rowe wrote:
> On Wednesday 26 Oct 2005 15:02, Alan Robertson wrote:
> 
>> Well... It's only a security problem if they read or write them.  Only
>> the appropriate child processes read or write them.
> 
> If the child process doesn't need them then they should be closed.
> 
>> It's only a resource problem if they were different file descriptors.
>> In the kernel, they're all the same file descriptor - so no additional
>> resources are consumed.
> 
> I was thinking more that it reduces the number of fds a process could open. 
> This isn't an issue in reality because the child processes only need a few 
> fds.

Right.

>> It wouldn't be so hard to close the _media_ file descriptors that aren't
>> needed.  But, I don't know of any attacks that can take advantage of
>> them being open.
> 
> You really should close those fds that aren't required, not knowing of any 
> existing attacks isn't a good enough protection. There's nothing to stop 
> someone discovering a vulnerability in the serial plugin and then using to 
> launch a DOS via the ethernet fd.

OK...

http://www.osdl.org/developer_bugzilla/show_bug.cgi?id=929

If you create yourself an account on our bugzilla server, then you can 
add yourself to the CC list for this bug.


-- 
     Alan Robertson <alanr at unix.sh>

"Openness is the foundation and preservative of friendship...  Let me 
claim from you at all times your undisguised opinions." - William 
Wilberforce



More information about the Linux-HA mailing list