Nagios leaking file descriptors ?
Jon Angliss
jon at netdork.net
Sun Nov 2 05:03:09 CET 2008
On Wed, 29 Oct 2008 11:42:07 +0100, "Robert M. Albrecht"
<romal at gmx.de> wrote:
>Hi,
>
>SELinux seems to have found a bug in Nagios.
>
>https://bugzilla.redhat.com/show_bug.cgi?id=462896
>
>This says the ping command is reading /var/spool/nagios/cmd/nagios.cmd,
>which seems highly unlikely. Looks like a leaked file descriptor.
>nagios should close all open file descriptors before execing apps.
>fcntl(fd, F_SETFD, FD_CLOEXEC)
>
>Any ideas ?
Do you have config details on how you're executing ping? The
check_ping plugin executes the ping command directly, and parses the
output. But the check_ping plugin itself doesn't open the command
file as far as I can see. If it did, simply calling check_ping would
show access to the file, which on my box, I don't see.

This would hint that the "leak" may be a little further upstream from
the execution of ping. However, it might not be a leak at all, and
might be handled after the ping command is executed, but as the
command is being executed as a separate thread, SELinux is getting a
false-positive on the leak. Obviously, it's already confused about
"ping" being the cause of the file descriptor being leaked.

As a side note, I believe check_icmp is a recommended alternative, as
it performs all the operations of ping, without the plugin itself
having to parse the response of ping.
--
Jon Angliss
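The descriptor inheritance discussed in this thread, as an added example (not code from Nagios, its plugins, or either poster): a parent opens a file, forks and execs a shell, and the shell reports whether the descriptor survived the exec, with and without the FD_CLOEXEC flag from the quoted message. Assumptions: /dev/null stands in for the command file, and the function name `child_inherits_fd` and descriptor number 9 are made up for the demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_FD 9  /* constructed: fixed number so the child can name it */

/* Returns 1 if the exec'd child still holds DEMO_FD, 0 if not, -1 on error. */
int child_inherits_fd(int set_cloexec)
{
    /* /dev/null stands in for a file the parent keeps open, such as the
       command file (assumption for the demo). */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) return -1;
    if (fd != DEMO_FD) {
        if (dup2(fd, DEMO_FD) < 0) { close(fd); return -1; }
        close(fd);
    }
    if (set_cloexec) {
        /* Preserve any existing descriptor flags and add close-on-exec. */
        int flags = fcntl(DEMO_FD, F_GETFD);
        if (flags < 0 || fcntl(DEMO_FD, F_SETFD, flags | FD_CLOEXEC) < 0) {
            close(DEMO_FD); return -1;
        }
    }
    pid_t pid = fork();
    if (pid < 0) { close(DEMO_FD); return -1; }
    if (pid == 0) {
        /* Child: silence the shell's own error message, then exec. */
        int devnull = open("/dev/null", O_WRONLY);
        if (devnull >= 0) dup2(devnull, STDERR_FILENO);
        /* ": <&9" exits 0 only if fd 9 (DEMO_FD) is open in the new program. */
        execl("/bin/sh", "sh", "-c", ": <&9", (char *)NULL);
        _exit(127);  /* exec itself failed */
    }
    int status = 0;
    close(DEMO_FD);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 127) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    printf("without FD_CLOEXEC: inherited=%d\n", child_inherits_fd(0));
    printf("with FD_CLOEXEC:    inherited=%d\n", child_inherits_fd(1));
    return 0;
}
```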