#2422 children inherit 2 open pipes (security?)

obsolete: 8.4.3
open
5
2006-03-14
2003-07-16
No

As reported by Debian's SELinux (Security Enhanced
Linux) maintainer, Russell Coker, in
<http://bugs.debian.org/201062>: the threaded *nix
versions of tcl seem to open a pair of pipes, and the
filehandles are not set to close-on-exec. Quoting
Russell: "If the program runs in a different security
context then these open file handles may allow the
program to interfere with the operation of expect [or
tclsh or whatever] and therefore gain undesired access
to the system."

Normally, of course, pipes should be inherited by
children (that's their whole purpose), but these pipes
seem to be used just for internal communications
between threads, as far as I can tell. I'm not 100%
sure this is a bug, but if it is, then I'm fairly sure
it's an important one, and should probably be fixed
before 8.4.4 is released.

cheers
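
The report above concerns internal pipes created without the close-on-exec flag. The following C example is added here for illustration and is not taken from Tcl's sources: it contrasts a plain `pipe()` with one marked `FD_CLOEXEC` and audits which descriptors a child would inherit across `exec()`. All function names are hypothetical.

```c
/* Added example: which descriptors would a child inherit across exec()? */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Plain pipe(): both ends stay open in every program the process execs. */
int leaky_pipe(int fds[2]) {
    return pipe(fds);
}

/* Hardened: mark both ends close-on-exec so the kernel drops them at exec().
 * In a threaded program another thread can fork+exec between pipe() and
 * fcntl(); pipe2(fds, O_CLOEXEC), where available, sets the flag atomically. */
int private_pipe(int fds[2]) {
    if (pipe(fds) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        int flags = fcntl(fds[i], F_GETFD);
        if (flags == -1 || fcntl(fds[i], F_SETFD, flags | FD_CLOEXEC) == -1) {
            close(fds[0]); close(fds[1]);
            return -1;
        }
    }
    return 0;
}

/* 1 if fd is open and would survive exec(), 0 otherwise. */
int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Audit: print and count descriptors above stderr that a child would inherit. */
int count_inheritable(int max_fd) {
    int n = 0;
    for (int fd = 3; fd <= max_fd; fd++)
        if (survives_exec(fd)) { printf("fd %d is inherited across exec\n", fd); n++; }
    return n;
}

int main(void) {
    int a[2], b[2];
    if (leaky_pipe(a) != 0 || private_pipe(b) != 0) return 1;
    printf("leaky pipe:   read=%d write=%d\n", survives_exec(a[0]), survives_exec(a[1]));
    printf("private pipe: read=%d write=%d\n", survives_exec(b[0]), survives_exec(b[1]));
    count_inheritable(63);
    return 0;
}
```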

Discussion

  • Zoran Vasiljevic

    Andreas, should I take over this one?

  • Andreas Kupries

    Andreas Kupries - 2006-03-14

    Boy, am I late. Yes please.

  • Andreas Kupries

    Andreas Kupries - 2006-03-14
    • assigned_to: andreas_kupries --> vasiljevic