Ubuntu
seahorse package

Seahorse agent leaks file descriptors into created processes

Bug #235184 reported by Bart Van Assche
256
Affects Status Importance Assigned to Milestone
seahorse
Fix Released
High
seahorse (Debian)
Fix Released
Unknown
seahorse (Ubuntu)
Fix Released
Medium
Ubuntu Desktop Bugs

Bug Description

Binary package hint: seahorse

$ lsb_release -rd
Description: Ubuntu 8.04
Release: 8.04

Install Kubuntu 8.04 (desktop, 64-bit), create an account, log in through that account, open a shell and run the following command:

lsof -p$$|grep '[0-9][a-z] '

Expected result: four file descriptors in use by bash (the output below is from Ubuntu 7.10):

bash 9783 vanasscb 0u CHR 136,1 3 /dev/pts/1
bash 9783 vanasscb 1u CHR 136,1 3 /dev/pts/1
bash 9783 vanasscb 2u CHR 136,1 3 /dev/pts/1
bash 9783 vanasscb 255u CHR 136,1 3 /dev/pts/1

Actual result:

bash 13216 vanasscb 0u CHR 136,3 5 /dev/pts/3
bash 13216 vanasscb 1u CHR 136,3 5 /dev/pts/3
bash 13216 vanasscb 2u CHR 136,3 5 /dev/pts/3
bash 13216 vanasscb 4r FIFO 0,5 16413 pipe
bash 13216 vanasscb 5w FIFO 0,5 16413 pipe
bash 13216 vanasscb 6r FIFO 0,5 16414 pipe
bash 13216 vanasscb 7w FIFO 0,5 16414 pipe
bash 13216 vanasscb 8r FIFO 0,5 16415 pipe
bash 13216 vanasscb 9w FIFO 0,5 16415 pipe
bash 13216 vanasscb 13u unix 0xffff8100685762c0 16470 /tmp/seahorse-WOeHBB/S.gpg-agent
bash 13216 vanasscb 255u CHR 136,3 5 /dev/pts/3

The above output shows that the processes that created bash did open several files and pipes without the FD_CLOEXEC flag. E.g. the /tmp/seahorse-WOeHBB/S.gpg-agent Unix socket was created by the process /usr/bin/seahorse-agent. This is a security hole because this allows several processes to access information they should not be allowed to access.

Revision history for this message
Sebastien Bacher (seb128) wrote :

thank you for your bug report, the issue seems similar to http://bugzilla.gnome.org/show_bug.cgi?id=544672

Changed in seahorse:
importance: Undecided → Medium
status: New → Triaged
status: Triaged → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in seahorse:
status: Unknown → Confirmed
status: Unknown → Fix Released
Revision history for this message
Bart Van Assche (bart-vanassche) wrote : Re: [Bug 235184] Re: Seahorse agent leaks file descriptors into created processes

On Fri, Aug 1, 2008 at 10:28 AM, Sebastien Bacher <email address hidden> wrote:
> thank you for your bug report, the issue seems similar to
> http://bugzilla.gnome.org/show_bug.cgi?id=544672

Thanks for the info. By the way, a similar issue is present in KDE 4.0
-- see also https://bugzilla.novell.com/show_bug.cgi?id=413937 (just
logged this in the Novell bug database).

Bart.

Bug Watch Updater (bug-watch-updater)
Changed in seahorse:
status: Confirmed → Fix Released
Revision history for this message
Andreas Moog (ampelbein) wrote :

Fixed in intrepid.

Changed in seahorse:
assignee: nobody → desktop-bugs
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in seahorse:
importance: Unknown → High
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.