[prev in list] [next in list] [prev in thread] [next in thread] 

List:       smartmontools-support
Subject:    Re: [smartmontools-support] [PATCH] Set FD_CLOEXEC on the device
From:       Bruce Allen <ballen () gravity ! phys ! uwm ! edu>
Date:       2008-03-17 14:18:47
Message-ID: Pine.LNX.4.63.0803170813350.28418 () homer ! phys ! uwm ! edu
[Download RAW message or body]

Hi Tomá,

I'm getting ready to apply this patch, thank you.  This is probably 
applicable to other OSes as well.  By the way, I assume that the 'close on 
exec' does not restrict the 'duplication' of the fd that happens during 
fork, when smartd forks itself twice to detach from controlling terminals, 
stdin/out, etc.

Would it be possible for me to add you to the list of smartmontools 
developers?  Then you could check code changes like this directly into 
CVS.  The smartmontools developers already include maintainers from 
Debian, Suse, and Mandrake (and perhaps others that I have forgotten). 
Since Redhat/FC are very widely used, it makes sense for you to have the 
ability to move fixes upstream.

Cheers,
 	Bruce


On Mon, 17 Mar 2008, Tomá Smetana wrote:

> Hello,
>  I'm attaching a patch that sets FD_CLOEXEC on the opened device file
> descriptor.  The descriptor is otherwise leaked to other applications
> (mail sender) which may be considered a security risk and may result in
> AVC messages on SELinux-enabled systems.
>
>

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

_______________________________________________
Smartmontools-support mailing list
Smartmontools-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/smartmontools-support


[prev in list] [next in list] [prev in thread] [next in thread]