Bug#410671: iceweasel: firefox leaks filehandles to external applications

[Marc Lehmann]

On Sun, Oct 02, 2011 at 01:20:34PM +0200, Jörg Sommer <joerg at alea.gnuu.de> wrote:
> how about using O_CLOEXEC when opening files or sockets?

there is no such flag for sockets, nor pipes, but indeed, linux has
recently acquired such interfaces, but they are not portable.

fcntl F_SETFD of course works, as well as simply closing all fds not known to
be needed.

I also checked it with firefox 6, and the problem persists - now firefox even
has handles for sqlite files open, as well as having lots of sockets and
pipes:

   *sh-4.1# ls -l /proc/self/fd
   total 0
   lrwx------ 1 root root 64 Oct  2 15:16 0 -> /dev/pts/7
   lrwx------ 1 root root 64 Oct  2 15:16 1 -> /dev/pts/7
   lr-x------ 1 root root 64 Oct  2 15:16 10 -> pipe:[10284]
   l-wx------ 1 root root 64 Oct  2 15:16 11 -> pipe:[10284]
   l-wx------ 1 root root 64 Oct  2 15:16 16 -> /localvol/root/.mozilla/firefox/c4h3tlpc.default/.parentlock
   lrwx------ 1 root root 64 Oct  2 15:16 2 -> /dev/pts/7
   lr-x------ 1 root root 64 Oct  2 15:16 20 -> pipe:[9372]
   l-wx------ 1 root root 64 Oct  2 15:16 21 -> pipe:[9372]
   lr-x------ 1 root root 64 Oct  2 15:16 22 -> pipe:[5052]
   l-wx------ 1 root root 64 Oct  2 15:16 23 -> pipe:[5052]
   lr-x------ 1 root root 64 Oct  2 15:16 24 -> pipe:[5053]
   l-wx------ 1 root root 64 Oct  2 15:16 25 -> pipe:[5053]
   lr-x------ 1 root root 64 Oct  2 15:16 26 -> /dev/urandom
   lr-x------ 1 root root 64 Oct  2 15:16 3 -> pipe:[10718]
   lr-x------ 1 root root 64 Oct  2 15:16 30 -> pipe:[5057]
   l-wx------ 1 root root 64 Oct  2 15:16 31 -> pipe:[5057]
   lrwx------ 1 root root 64 Oct  2 15:16 35 -> /localvol/root/.mozilla/firefox/c4h3tlpc.default/cookies.sqlite-shm
   lr-x------ 1 root root 64 Oct  2 15:16 4 -> /dev/null
   lr-x------ 1 root root 64 Oct  2 15:16 41 -> pipe:[5059]
   l-wx------ 1 root root 64 Oct  2 15:16 42 -> pipe:[5059]
   lrwx------ 1 root root 64 Oct  2 15:16 47 -> /localvol/root/.mozilla/firefox/c4h3tlpc.default/places.sqlite-shm
   l-wx------ 1 root root 64 Oct  2 15:16 5 -> pipe:[10718]
   lrwx------ 1 root root 64 Oct  2 15:16 58 -> socket:[11443]
   lrwx------ 1 root root 64 Oct  2 15:16 59 -> socket:[10711]
   lr-x------ 1 root root 64 Oct  2 15:16 6 -> /proc/2267/fd
   lrwx------ 1 root root 64 Oct  2 15:16 60 -> socket:[9696]

Also, to the guy who tagged this as unreproducible: you haven't tried it
out, because its clearly reproducible in all versions since then. shame on
you for tagging this as unreproducible without verifying it.

And to the guy who tagged this wontfix, this is a security bug. Whats the
deal with debian not caring about obvious security bugs anymore? Do you
know need a cert advisory to accept a security issue or what? Shame on you
too.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\