https://bugzilla.novell.com/show_bug.cgi?id=745339 https://bugzilla.novell.com/show_bug.cgi?id=745339#c0 Summary: lightdm leaks fds to child processes Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: gber@opensuse.org QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 For the initial Debian report (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658678): ----8<---- Package: lightdm Version: 1.0.6-3 Severity: normal Dear Maintainer, lightdm appears to leak several file descriptors to the child process it creates for the session, which propagate to nearly every process running in an interactive session. For example, running ls -l /proc/self/fd from a terminal in X yields lrwx------ 1 amdragon amdragon 64 Feb 4 23:52 0 -> /dev/pts/15 lrwx------ 1 amdragon amdragon 64 Feb 4 23:52 1 -> /dev/pts/15 lr-x------ 1 amdragon amdragon 64 Feb 4 23:52 13 -> pipe:[10098] l-wx------ 1 amdragon amdragon 64 Feb 4 23:52 14 -> pipe:[10098] lr-x------ 1 amdragon amdragon 64 Feb 4 23:52 15 -> pipe:[10099] l-wx------ 1 amdragon amdragon 64 Feb 4 23:52 16 -> pipe:[10099] lrwx------ 1 amdragon amdragon 64 Feb 4 23:52 2 -> /dev/pts/15 lr-x------ 1 amdragon amdragon 64 Feb 4 23:52 3 -> /proc/27874/fd/ lr-x------ 1 amdragon amdragon 64 Feb 4 23:52 4 -> pipe:[9306] l-wx------ 1 amdragon amdragon 64 Feb 4 23:52 5 -> pipe:[9306] l-wx------ 1 amdragon amdragon 64 Feb 4 23:52 6 -> /var/log/lightdm/lightdm.log FDs 4 through 16 were inherited from the lightdm process, as can be seen from its open FDs, $ sudo ls -l /proc/`pidof lightdm`/fd total 0 lrwx------ 1 root root 64 Feb 4 23:54 0 -> /dev/null lrwx------ 1 root root 64 Feb 4 23:54 1 -> /dev/null lr-x------ 1 root root 64 Feb 4 23:54 10 -> pipe:[9315] l-wx------ 1 root root 64 Feb 4 23:54 11 -> pipe:[9315] lrwx------ 1 root root 64 Feb 4 23:54 12 -> socket:[10302] lr-x------ 1 root root 64 Feb 4 23:54 13 -> pipe:[10098] l-wx------ 1 root root 64 Feb 4 23:54 14 -> pipe:[10098] lr-x------ 1 root root 64 Feb 4 23:54 15 -> pipe:[10099] l-wx------ 1 root root 64 Feb 4 23:54 16 -> pipe:[10099] lrwx------ 1 root root 64 Feb 4 23:54 17 -> socket:[10101] lrwx------ 1 root root 64 Feb 4 23:54 2 -> /dev/null lrwx------ 1 root root 64 Feb 4 23:54 3 -> anon_inode:[eventfd] lr-x------ 1 root root 64 Feb 4 23:54 4 -> pipe:[9306] l-wx------ 1 root root 64 Feb 4 23:54 5 -> pipe:[9306] l-wx------ 1 root root 64 Feb 4 23:54 6 -> /var/log/lightdm/lightdm.log lrwx------ 1 root root 64 Feb 4 23:54 7 -> anon_inode:[eventfd] lrwx------ 1 root root 64 Feb 4 23:54 8 -> socket:[8076] lrwx------ 1 root root 64 Feb 4 23:54 9 -> anon_inode:[eventfd] FD 6 is particularly worrisome, as it allows any process to write to the root-owned lightdm log. It might be relevant that I use an .xsession script and Xmonad with no desktop environment. ---->8---- This can be reproduced on the current package in openSUSE 12.1 and Factory. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.