http://bugzilla.suse.com/show_bug.cgi?id=1092329 Bug ID: 1092329 Summary: plasma5-workspace: plasmashell inherits file descriptors to child processes Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: fabian@ritter-vogt.de Reporter: matthias.gerstner@suse.com QA Contact: qa-bugs@suse.de CC: astieger@suse.com, kbabioch@suse.com, lnussel@suse.com, matthias.gerstner@suse.com, security-team@suse.de Found By: --- Blocker: --- Finding from Leap 15 general audit in bug 1090647. When logging into a KDE plasma session in Leap 15, a couple of file descriptors are inherited to child processes. Example: - log into a plasma session - open a `konsole` - `ls -lh /proc/$$/fd` will show things like these: lrwx------ 1 mgerstner users 64 May 8 11:55 0 -> /dev/pts/0 l-wx------ 1 mgerstner users 64 May 8 11:55 1 -> //dev/pts/0 lrwx------ 1 mgerstner users 64 May 8 11:55 10 -> /dev/pts/0 lrwx------ 1 mgerstner users 64 May 8 11:55 18 -> socket:[28235] lrwx------ 1 mgerstner users 64 May 8 11:55 2 -> /dev/pts/0 lrwx------ 1 mgerstner users 64 May 8 11:55 255 -> /dev/pts/0 lrwx------ 1 mgerstner users 64 May 8 11:55 27 -> socket:[28284] lrwx------ 1 mgerstner users 64 May 8 11:55 30 -> socket:[28301] lrwx------ 1 mgerstner users 64 May 8 11:55 31 -> socket:[28283] lrwx------ 1 mgerstner users 64 May 8 11:55 33 -> socket:[28311] lrwx------ 1 mgerstner users 64 May 8 11:55 34 -> socket:[28302] lrwx------ 1 mgerstner users 64 May 8 11:55 36 -> socket:[28321] lrwx------ 1 mgerstner users 64 May 8 11:55 46 -> /memfd:pulseaudio (deleted) lrwx------ 1 mgerstner users 64 May 8 11:55 48 -> socket:[33459] lrwx------ 1 mgerstner users 64 May 8 11:55 49 -> socket:[33460] lr-x------ 1 mgerstner users 64 May 8 11:55 50 -> /usr/share/sounds/Oxygen-Sys-Special.ogg lrwx------ 1 mgerstner users 64 May 8 11:55 55 -> socket:[33466] lrwx------ 1 mgerstner users 64 May 8 11:55 56 -> socket:[33467] It looks like these are opened by `plasmashell` process which is luckily already running as the logged in user and not as root. The amount and kind of open files is differing. Most times only unix domain sockets are left around. Child processes can happily read from and write to these sockets. It is unclear to me what their purpose is. Some of them seem to echo the data sent to them. While this should not pose a direct security issue it is very unclean. For example even after a `su -` to become root the file descriptors are inherited. So they can cross security boundaries. It might also confuse applications and reduces the amount of available file descriptors for each process. Whichever process is responsible for opening these files in the first place should set the `O_CLOEXEC` flag to avoid inheriting these file descriptors to arbitrary child processes. The same (or similar) situation is also found on Leap 42.3 by the way so this is probably an issue that exists for a longer while now. A test with the Gnome desktop on the other hand showed no extra open files. -- You are receiving this mail because: You are on the CC list for the bug.