event_handler pipe fd inheritation
Ethan Galstad
egalstad at nagios.com
Wed Jun 17 15:12:48 CEST 2009
Bastian Friedrich wrote:
> Hi,
>
> we are using a mechanism in our event_handlers that shall try to restart
> broken local services; eventually, normal init scripts (/etc/init.d/...) are
> started, which in turn start arbitrary daemons (say, mysql).
>
> nagios creates a pipe to its event_handlers (and possibly other executables)
> in base/util.c for parent/child communication. The file descriptor to this
> pipe is (currently) not given the FD_CLOEXEC. This results in this fd being
> inherited by the event_handler (started by "popen()"), and, in our case, by
> the daemon (say, mysql). (The pipe is, e.g., visible in /proc/<whatever>/fd).
> As our daemons do not tend to close arbitrary fd's, this fd is never closed
> from the event_handler. As nagios waits for the file to be closed to continue
> its work, this results in a "denial of service" for the time that the daemon
> runs.
>
> The pipe fd should be set the FD_CLOEXEC flag; it is then not inherited by the
> event_handler.
>
> Patch attached.
>
> Best regards
> Bastian
Thanks for the patch Bastian. Took a while to close it, but its in CVS now.
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
More information about the Developers
mailing list