From: Tomáš S. <tsm...@re...> - 2008-03-17 08:44:36
Attachments:
smartmontools-5.38-cloexec.patch
Hello,

I'm attaching a patch that sets FD_CLOEXEC on the opened device file descriptor. The descriptor is otherwise leaked to other applications (mail sender) which may be considered a security risk and may result in AVC messages on SELinux-enabled systems.

--
Tomáš Smetana

From: Bruce A. <ba...@gr...> - 2008-03-17 14:20:15
Hi Tomáš,

I'm getting ready to apply this patch, thank you. This is probably applicable to other OSes as well.

By the way, I assume that the 'close on exec' does not restrict the 'duplication' of the fd that happens during fork, when smartd forks itself twice to detach from controlling terminals, stdin/out, etc.

Would it be possible for me to add you to the list of smartmontools developers? Then you could check code changes like this directly into CVS. The smartmontools developers already include maintainers from Debian, Suse, and Mandrake (and perhaps others that I have forgotten). Since Redhat/FC are very widely used, it makes sense for you to have the ability to move fixes upstream.

Cheers,
Bruce

On Mon, 17 Mar 2008, Tomáš Smetana wrote:

> Hello,
> I'm attaching a patch that sets FD_CLOEXEC on the opened device file
> descriptor. The descriptor is otherwise leaked to other applications
> (mail sender) which may be considered a security risk and may result in
> AVC messages on SELinux-enabled systems.
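
The behaviour discussed in this thread, as an added example that is not code from the attached patch or from smartmontools: a descriptor flagged FD_CLOEXEC is still duplicated into a forked child (the double-fork case raised in the reply) but is closed once that child execs another program, such as a mail sender. The helper names, the /dev/null stand-in for the disk device and the /proc/self/fd check (Linux) are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* fork, waitpid, snprintf */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: set close-on-exec, preserving other descriptor flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Hypothetical probe: 1 if fd is open in a child, 0 if closed, -1 on error.
 * after_exec == 0 checks right after fork(); after_exec == 1 checks from a
 * newly exec'ed /bin/sh by looking at /proc/self/fd (Linux assumption). */
int fd_visible_in_child(int fd, int after_exec)
{
    char arg[16];
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (!after_exec)
            _exit(fcntl(fd, F_GETFD) == -1 ? 1 : 0);
        snprintf(arg, sizeof arg, "%d", fd);
        execl("/bin/sh", "sh", "-c", "test -e /proc/self/fd/$0", arg, (char *)NULL);
        _exit(127);                       /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    int fd = open("/dev/null", O_RDWR);   /* constructed stand-in for the disk device */
    if (fd == -1)
        return 1;
    printf("no flag:    fork=%d exec=%d\n", fd_visible_in_child(fd, 0), fd_visible_in_child(fd, 1));
    if (set_cloexec(fd) == -1)
        return 1;
    printf("FD_CLOEXEC: fork=%d exec=%d\n", fd_visible_in_child(fd, 0), fd_visible_in_child(fd, 1));
    return close(fd);
}
```

On Linux, `open()` with `O_CLOEXEC` sets the flag atomically at open time, which avoids the window between `open()` and `fcntl()` in a multithreaded program.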