On Fri, 2007-02-16 at 19:28 +0000, Daniel P. Berrange wrote:
> On Fri, Feb 16, 2007 at 02:44:57PM +0000, Mark McLoughlin wrote:
> > @@ -1226,6 +1332,7 @@ static int qemudDispatchPoll(struct qemu > > > > while (sock) { > > struct qemud_socket *next = sock->next; > > + /* FIXME: the daemon shouldn't exit on error here */ > > if (fds[fd].revents) > > if (qemudDispatchServer(server, sock) < 0) > > return -1;
>
> Yes & no. There are two reasons why qemuDispatchServer can fail. Either
> it can fail to set CLOSEXEC/NONBLOCK mode on the client socket, in
> which case we could simply drop the client & continue without exiting.
> If the accept() call fails for anything other than EAGAIN/EINTR then
> we arguably should exit, because something serious has gone wrong.

Doesn't accept() fail if the client fails to send the final ACK? Do we want the daemon to die in that case?

Think of an unprivileged user connecting to the system daemon's readonly socket ... you really want to be paranoid about the daemon exiting as it creates the opportunity for unprivileged users to take down guests and networks.

i.e. I'm not sure whether it would be actually possible to exploit it in this way, but I'd tend to be pretty paranoid about any exit point from the daemon.

Cheers,
Mark.
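
Review bot: the FIXME added above `if (fds[fd].revents)` records the problem, but the `return -1` two lines below it is unchanged, so a single failure from qemudDispatchServer() on one socket still ends qemudDispatchPoll() with an error. Consider handling the failure inside this loop, for example logging it and moving on to `next`, and returning -1 only for errors that are genuinely fatal. If that is deferred, the comment would be more useful if it named which failures should be survivable. The nested unbraced `if` pair could also be folded into one condition with `&&` while this code is being touched.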
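
One way to express the policy debated in this thread, as an added example that is not code from the patch or the project: only a broken listening socket is reported as fatal, while errors a client can influence drop that client and leave the daemon running. The names `accept_verdict`, `classify_accept_errno`, `set_cloexec_nonblock` and `accept_one` are hypothetical, and the choice of which errno values count as client-influenced is an assumption.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* What the poll loop should do after one accept attempt. */
enum accept_verdict { ACCEPT_OK, ACCEPT_RETRY, ACCEPT_DROP_CLIENT, ACCEPT_FATAL };

/* Map an accept() errno to a policy (the split below is an assumption). */
static enum accept_verdict classify_accept_errno(int err)
{
    if (err == EAGAIN || err == EWOULDBLOCK || err == EINTR)
        return ACCEPT_RETRY;            /* nothing to accept right now */
    switch (err) {
    case ECONNABORTED:                  /* peer gave up before accept() ran */
    case EPROTO:
    case EMFILE: case ENFILE:           /* descriptor exhaustion */
    case ENOBUFS: case ENOMEM:          /* memory pressure */
        return ACCEPT_DROP_CLIENT;      /* client-influenced: keep serving */
    default:
        return ACCEPT_FATAL;            /* EBADF, EINVAL, ENOTSOCK: listener is broken */
    }
}

/* Set close-on-exec and non-blocking mode; returns 0 or -1. */
static int set_cloexec_nonblock(int fd)
{
    int fdflags = fcntl(fd, F_GETFD);
    int flflags = fcntl(fd, F_GETFL);
    if (fdflags < 0 || flflags < 0)
        return -1;
    if (fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC) < 0)
        return -1;
    return fcntl(fd, F_SETFL, flflags | O_NONBLOCK) < 0 ? -1 : 0;
}

/* Accept one client. Only ACCEPT_FATAL should make the caller return -1. */
static enum accept_verdict accept_one(int listen_fd, int *client_fd)
{
    int fd = accept(listen_fd, NULL, NULL);
    if (fd < 0)
        return classify_accept_errno(errno);
    if (set_cloexec_nonblock(fd) < 0) {
        close(fd);                      /* drop this client, keep the daemon */
        return ACCEPT_DROP_CLIENT;
    }
    *client_fd = fd;
    return ACCEPT_OK;
}
```

A caller that keeps running on `ACCEPT_DROP_CLIENT` for descriptor exhaustion should also back off before polling the listener again, since the pending connection stays queued and the socket remains readable.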