[PKG-OpenRC-Debian] Bug#832940: closing fd 0, 1, 2 can break daemons

Jon Boden jon at ubuntubsd.org
Fri Jul 29 20:01:38 UTC 2016 

Package: openrc
Version: 0.21-1
Severity: important

Hi

openrc's behaviour of closing fd 0,1,2 can potentially break daemons. An example of this was found with dbus 1.10.6-1ubuntu3 on ubuntuBSD (however the openrc version this report is based on, is imported pristine from Debian).

Below are excerpts from ktrace/kdump output of dbus-daemon (when being called by openrc).

First a socket is created and assigned fd 0 because it's the first free fd:

  1057 dbus-daemon CALL  socket(PF_LOCAL,SOCK_CLOEXEC|SOCK_STREAM,0)
  1057 dbus-daemon RET   socket 0
  1057 dbus-daemon CALL  stat(0x635520,0x7fffffffe480)
  1057 dbus-daemon NAMI  "/var/run/dbus/system_bus_socket"
  1057 dbus-daemon RET   stat -1 errno 2 No such file or directory
  1057 dbus-daemon CALL  bind(0,0x7fffffffe520,0x21)
  1057 dbus-daemon STRU  struct sockaddr { AF_LOCAL, /var/run/dbus/system_bus_socket }
  1057 dbus-daemon NAMI  "/var/run/dbus/system_bus_socket"
  1057 dbus-daemon RET   bind 0
  1057 dbus-daemon CALL  listen(0,0x1e)
  1057 dbus-daemon RET   listen 0
  1057 dbus-daemon CALL  fcntl(0,F_GETFL,0)
  1057 dbus-daemon RET   fcntl 2
  1057 dbus-daemon CALL  fcntl(0,F_SETFL,0x6<O_RDWR|O_NONBLOCK>)
  1057 dbus-daemon RET   fcntl 0
  1057 dbus-daemon CALL  chmod(0x635520,0x1ff<S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH>)
  1057 dbus-daemon NAMI  "/var/run/dbus/system_bus_socket"
  1057 dbus-daemon RET   chmod 0

then another routine in dbus closes fds 0,1,2, replacing them with /dev/null descriptors. Obviously it intends to disable stdio however unknowingly it is actually closing the socket:

  1058 dbus-daemon CALL  open(0x427733,0x2<O_RDWR>,<unused>0)
  1058 dbus-daemon NAMI  "/dev/null"
  1058 dbus-daemon RET   open 3
  1058 dbus-daemon CALL  dup2(0x3,0)
  1058 dbus-daemon RET   dup2 0
  1058 dbus-daemon CALL  dup2(0x3,0x1)
  1058 dbus-daemon RET   dup2 1
  1058 dbus-daemon CALL  issetugid
  1058 dbus-daemon RET   issetugid 0
  1058 dbus-daemon CALL  dup2(0x3,0x2)
  1058 dbus-daemon RET   dup2 2
  1058 dbus-daemon CALL  close(0x3)
  1058 dbus-daemon RET   close 0

then operations on the socket fail, leaving the system with a broken dbus:

  1058 dbus-daemon CALL  accept4(0,0x7fffffffe5b0,0x7fffffffe5ac,0x10000000)
  1058 dbus-daemon RET   accept4 -1 errno 38 Socket operation on non-socket
  1058 dbus-daemon CALL  fcntl(0xffffffff,F_GETFD,0)
  1058 dbus-daemon RET   fcntl -1 errno 9 Bad file descriptor

If you want to disable stdio I think it would be much better to replace them with /dev/null descriptors. Too many apps assume fds 0,1,2 are reserved for stdio. Leaving them free for any other use is dangerous IMHO.

-- 
Jon Boden

ubuntuBSD -- The power of FreeBSD kernel with familiarity of Ubuntu OS!

http://www.ubuntubsd.org/ -- https://twitter.com/ubuntuBSD

More information about the OpenRC-devel mailing list