Stefan Fritsch
2008-Jul-24 20:56 UTC
[Secure-testing-team] Bug#492282: "seahorse-agent --execute" leaks file descriptors
Package: seahorse
Version: 2.22.3-1
Severity: normal
Tags: security

Seahorse leaks file descriptors to processes started with
"seahorse-agent --execute", including the gpg agent listening socket.
For the default setup, this means that all processes started from the
desktop inherit those FDs and can possibly use them.

This can be a security issue because the FDs are also inherited by
processes started with su as a different user, which normally would not
have access to the gpg key and gpg agent socket.

Seahorse should use fcntl to set FD_CLOEXEC on its FDs.

PS: LVM complains about the open FDs, too:

    $ su
    Password:
    # lvs
    File descriptor 8 left open
    File descriptor 9 left open
    File descriptor 13 left open
    ...

PPS: You can use filan from the socat package to display information
about the open FDs.
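
The fix the report asks for, as an added example that is not part of the original message and is not seahorse code: set FD_CLOEXEC with fcntl, then audit which descriptors an exec'd child would still inherit. The helper names and the AF_UNIX socket standing in for the agent's listening socket are assumptions made for illustration.

```c
/* Added example: mark descriptors close-on-exec and audit what would leak. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set FD_CLOEXEC while preserving other descriptor flags. 0 on success. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;              /* fd is not open (EBADF) */
    if (flags & FD_CLOEXEC)
        return 0;               /* already protected */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* 1 if fd is open and would survive exec(), 0 otherwise. */
int is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Count descriptors in [3, max_fd) that a spawned program would inherit. */
int count_inheritable(int max_fd)
{
    int n = 0;
    for (int fd = 3; fd < max_fd; fd++)
        n += is_inheritable(fd);
    return n;
}

int main(void)
{
    /* Hypothetical stand-in for the agent's listening socket. */
    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
    if (sock == -1) { perror("socket"); return 1; }

    printf("before: fd %d inheritable=%d\n", sock, is_inheritable(sock));
    if (set_cloexec(sock) == -1) { perror("fcntl"); return 1; }
    printf("after:  fd %d inheritable=%d\n", sock, is_inheritable(sock));
    printf("still inheritable above stderr: %d\n", count_inheritable(sock + 1));

    close(sock);
    return 0;
}
```

The flag has to be set on every descriptor the agent opens before it spawns the child; a descriptor created afterwards without it leaks the same way.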