https://bugzilla.novell.com/show_bug.cgi?id=413937 Summary: Security hole: several file descriptors are leaked into processes started by KDE Product: openSUSE 11.0 Version: Final Platform: x86-64 OS/Version: openSUSE 11.0 Status: NEW Severity: Major Priority: P5 - None Component: KDE4 Workspace AssignedTo: kde-maintainers@suse.de ReportedBy: bart.vanassche@gmail.com QAContact: qa@suse.de Found By: Customer Install openSUSE 11.0 with KDE 4.0, create an account, log in through that account, open a shell and run the following command: lsof -p$$|grep '[0-9][a-z] ' Expected result: four file descriptors in use by bash (the output below is from KDE 3): bash 9783 vanasscb 0u CHR 136,1 3 /dev/pts/1 bash 9783 vanasscb 1u CHR 136,1 3 /dev/pts/1 bash 9783 vanasscb 2u CHR 136,1 3 /dev/pts/1 bash 9783 vanasscb 255u CHR 136,1 3 /dev/pts/1 Actual result: bash 3456 bart 0u CHR 136,1 0t0 3 /dev/pts/1 bash 3456 bart 1u CHR 136,1 0t0 3 /dev/pts/1 bash 3456 bart 2u CHR 136,1 0t0 3 /dev/pts/1 bash 3456 bart 3r FIFO 0,5 0t0 6044 pipe bash 3456 bart 4w FIFO 0,5 0t0 6044 pipe bash 3456 bart 6u unix 0xffff8100771511c0 0t0 7689 /tmp/ksocket-bart/kdeinit4__0 bash 3456 bart 12u REG 8,1 4296704 217543 /var/tmp/kdecache-bart/kpc/kde-icon-cache.index bash 3456 bart 13u REG 8,1 16240640 217544 /var/tmp/kdecache-bart/kpc/kde-icon-cache.data bash 3456 bart 14u unix 0xffff810077150400 0t0 7754 socket bash 3456 bart 15u unix 0xffff810077150140 0t0 7755 /tmp/.ICE-unix/3044 bash 3456 bart 17u REG 8,1 4296704 217543 /var/tmp/kdecache-bart/kpc/kde-icon-cache.index bash 3456 bart 18u REG 8,1 16240640 217544 /var/tmp/kdecache-bart/kpc/kde-icon-cache.data bash 3456 bart 255u CHR 136,1 0t0 3 /dev/pts/1 The above output shows that the processes that created bash did open several files and pipes without the FD_CLOEXEC flag. E.g. the /tmp/.ICE-unix/3044 was created by the process ksmserver. This is a security hole because this allows several processes to access information they should not be allowed to access. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.