konsole leaks file descriptors for /tmp/kde-$USER/konsole*.tmp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KDE Base |
Fix Released
|
Medium
|
|||
kdelibs |
Fix Released
|
Medium
|
|||
kde4libs (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
kdebase (Fedora) |
Fix Released
|
Medium
|
Bug Description
Binary package hint: konsole
Description: Ubuntu 9.04
Release: 9.04
Version: konsole 4:4.2.2-0ubuntu4
Expected behavior:
Programs executed by user within a konsole shell will only have file descriptors 0 (stdin), 1 (stdout), and 2 (stderr) open when they begin.
Actual behavior:
/usr/bin/konsole leaves multiple open file descriptors pointing to files in:
/tmp/kde-
when executing programs from within it.
It should perform a:
fcntl(fd, F_SETFD, FD_CLOEXEC)
on each of these file descriptors prior to exec'ing the program.
This is apparently also in other distributions as noted in this RedHat bug report:
https:/
Security risk:
Leaving open file descriptors could potentially cause a sudo'ed process to dump privileged information to a non-root user file.
visibility: | private → public |
Changed in kdebase (Fedora): | |
status: | Unknown → Invalid |
affects: | kdebase (Ubuntu) → kdelibs (Ubuntu) |
Changed in kdelibs (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
affects: | kdelibs (Ubuntu) → kde4libs (Ubuntu) |
Changed in kdebase (Fedora): | |
status: | Invalid → Unknown |
Changed in kdelibs: | |
status: | Unknown → Fix Released |
Changed in kdebase: | |
status: | Unknown → Fix Released |
Changed in kdebase (Fedora): | |
status: | Unknown → Fix Released |
Changed in kdelibs: | |
importance: | Unknown → Medium |
Changed in kde-baseapps: | |
importance: | Unknown → Medium |
Changed in kdebase (Fedora): | |
importance: | Unknown → Medium |
This is the one bug to rule them all.
Description of problem:
SELinux AVC warnings are being issued due to Konsole leaking open file descriptors
Will report this upstream, and all existing bugs and new bugs re this topic will be duped to this one.