From: Steve G <lin...@ya...> - 2004-01-02 14:18:01

Robert,

Thanks for looking into this!

> Just catching this on execve should be enough here,

Yes, the execve syscall is used by system & popen, so that should catch all cases.

>> Then there's a certain case that should get special attention.
>> If the parent process leaks a listening descriptor,
>
> I can highlight this particularly loudly.

Actually, I think the identification is:

1) the descriptor is a socket
2) the protocol is tcp
3) address family is AF_INET or AF_INET6
4) it has its address set to INADDR_ANY or IN6_IS_ADDR_UNSPECIFIED.

You can test this out by trying stunnel 3.22 or apache 2.0.x. They both leak listening descriptors.

> I can add this in but I'll probably make it so you have to
> enable it on the command-line explicitly.

If this were enabled by default, more programmers might clean up their programs. I don't think anyone leaks descriptors on purpose.

> As John Reiser mentioned, there's probably situations where
> this isn't a problem and I don't want it annoying people in
> this case.

People can concoct strange ways to do anything; they could pass parameters through mmap'ed address space. But they are *rarely* used. If they were used commonly, there would be a defined constant for that descriptor and you would see it mentioned in C programming books. John brings up a good point, but it's rarely used. I can't think of any Open Source program I've audited that does that. Come to think of it, I definitely would want to be warned about that so I can investigate its operation completely.

I would worry about the common case where 99.9% of programs operate. Anyone bending the rules or doing something clever should also be clever enough to realize that the warning can be ignored. For example, doing any programming with openssl causes a cascade of warnings to be generated. You look over the warnings to make sure they come from ssl & generate a suppression. It's not really a big deal.

SSL's use of uninitialized memory is not the common case that 99.9% of programs follow. Passing parameters on a descriptor > 2 is not a common case either. I think the identification of security & resource problems outweighs accommodating rarely utilized techniques, however clever they may be.

-Steve Grubb

__________________________________
Do you Yahoo!?
Find out what made the Top Yahoo! Searches of 2003
http://search.yahoo.com/top2003