[PKG-IRC-Maintainers] Bug#668253: inspircd: does not close stdin or stderr on startup, consumes 100% cpu

Helmut Grohne helmut at subdivi.de
Tue Apr 10 08:00:47 UTC 2012


Source: inspircd
Version: 1.1.22+dfsg-4
Severity: important
Tags: security

I noticed that my inspircd would run at 100% CPU usage after being
restarted. Well, actually this only started after I logged out. A quick
strace shows that inspircd calls poll in a loop and the result is always
fd=0. lsof then shows that fd=0 is connected to the terminal I used to
restart inspircd. When I logged out, it was closed and poll would always
return that fd. The problem is worse though. This can be used to
escalate privileges (from irc to root) when combined with an arbitrary
code execution flaw (such as the one fixed in DSA-2448-1).

Interestingly this problem does not exist according to the
documentation (include/inspircd.h):

| /** Daemonize the ircd and close standard input/output streams
|  * @return True if the program daemonized succesfully
|  */
| bool DaemonSeed();

However, looking at the definition (src/inspircd.cpp) clearly shows that
the closing of the streams does not happen.

Helmut
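
The step the DaemonSeed() comment promises, as an added example that is not part of the original message and is not inspircd code: a daemon detaches from the terminal it was started from by pointing fds 0, 1 and 2 at /dev/null, then checks that this took effect. The function names fd_is_devnull, detach_std_streams and check_detach_in_child are hypothetical.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 1 if fd refers to the /dev/null device node. */
int fd_is_devnull(int fd)
{
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat("/dev/null", &b) != 0)
        return 0;
    return S_ISCHR(a.st_mode) && a.st_rdev == b.st_rdev;
}

/* Hypothetical helper: point fds 0, 1 and 2 at /dev/null; 0 on success.
 * dup2() rather than close() keeps the numbers occupied, so a socket or
 * log file opened later cannot be assigned fd 0-2. */
int detach_std_streams(void)
{
    int rc = 0;
    int nullfd = open("/dev/null", O_RDWR);
    if (nullfd < 0)
        return -1;
    for (int fd = 0; fd <= 2; fd++)
        if (dup2(nullfd, fd) < 0)
            rc = -1;
    if (nullfd > 2)   /* nullfd is already 0-2 if a stream was closed */
        close(nullfd);
    return rc;
}

/* Run the detach step in a forked child so the caller keeps its terminal;
 * returns 0 if the child ended with all three fds on /dev/null. */
int check_detach_in_child(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int ok = detach_std_streams() == 0 && fd_is_devnull(0) &&
                 fd_is_devnull(1) && fd_is_devnull(2);
        _exit(ok ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void) { return check_detach_in_child(); }
```

On a running daemon the same state can be confirmed from outside with lsof, as in the report: fds 0 to 2 should list /dev/null rather than a tty or pts device.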




