It turned out that /usr/bin/sudo is using /proc/self/fd/ for closing already opened files. I made a simple demo program that can reproduce this regression.

---------- test.c start ----------
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <dirent.h>
#include <string.h>

/*
 * Open /proc/self/exe read-only up to five times and, for each new
 * descriptor, lstat() its /proc/self/fd/<n> link. A link is reported only
 * when all three owner permission bits (0700) are set in st_mode.
 *
 * main() has closed every descriptor before this runs, so the report is
 * written to a freshly opened /dev/tty rather than to stdout/stderr.
 *
 * NOTE(review): the descriptors are opened O_RDONLY, so a link that carries
 * the owner-write bit presumably does not describe the new descriptor;
 * confirm against the /proc implementation of the kernel under test.
 */
static void opentest(void)
{
	/* NOTE(review): fp is not checked; if /dev/tty cannot be opened, the
	 * fprintf() below is handed a NULL stream. */
	FILE *fp = fopen("/dev/tty", "a");
	int i;
	char buffer[1024];
	memset(buffer, 0, sizeof(buffer));
	for (i = 0; i < 5; i++) {
		struct stat buf;
		/* Never closed inside the loop, so every iteration occupies
		 * another descriptor number. */
		int fd = open("/proc/self/exe", O_RDONLY);
		/* EOF stands in for the failure value of open(); this relies
		 * on EOF being -1 on the platform. */
		if (fd == EOF)
			break;
		/* NOTE(review): "%u" is paired with an int argument; fd is
		 * non-negative at this point, "%d" would match the type. */
		snprintf(buffer, sizeof(buffer) - 1, "/proc/self/fd/%u", fd);
		/* lstat() examines the link itself, not the file it points to. */
		if (lstat(buffer, &buf))
			continue;
		if ((buf.st_mode & 0700) == 0700) {
			char buffer2[1024];
			/* Zero-filled and read with size - 1, so the target stays
			 * NUL-terminated even though readlink() adds no
			 * terminator. Its return value is ignored; on failure an
			 * empty target is printed. */
			memset(buffer2, 0, sizeof(buffer2));
			readlink(buffer, buffer2, sizeof(buffer2) - 1);
			fprintf(fp, "%s -> %s \n", buffer, buffer2);
		}
	}
}

/*
 * Close all open descriptors in one of two ways, then run opentest().
 *
 * With at least one command-line argument, the descriptors are found by
 * reading /proc/self/fd. Without arguments (or if opendir() fails),
 * descriptors 0..1023 are closed blindly.
 */
int main(int argc, char *argv[])
{
	DIR *dirp = (argc > 1) ? opendir("/proc/self/fd") : NULL;
	if (dirp) {
		struct dirent *dent;
		/* Printed before stderr itself is closed by the loop below. */
		fprintf(stderr, "closefrom with /proc/self/fd/\n");
		while ((dent = readdir(dirp)) != NULL) {
			int fd;
			/* Non-numeric entries fail the sscanf() test. The
			 * directory stream's own descriptor is skipped here and
			 * released by closedir() afterwards.
			 * NOTE(review): "%u" stores through an int pointer;
			 * "%d" would match the declared type. */
			if (sscanf(dent->d_name, "%u", &fd) == 1 && fd != dirfd(dirp))
				close(fd);
		}
		closedir(dirp);
	} else {
		int fd;
		fprintf(stderr, "closefrom without /proc/self/fd/\n");
		/* close() on a number that is not open simply fails; the
		 * result is ignored. */
		for (fd = 0; fd < 1024; fd++)
			close(fd);
	}
	opentest();
	return 0;
}
---------- test.c end ----------

[root@ccsecurity tmp]# ./a.out 1
closefrom with /proc/self/fd/
/proc/self/fd/1 -> /tmp/a.out
/proc/self/fd/2 -> /tmp/a.out
[root@ccsecurity tmp]# ./a.out
closefrom without /proc/self/fd/
[root@ccsecurity tmp]#

I tried on three kernels.

2.6.18-308.4.1.el5 : OK
2.6.26-2-686 (2.6.26-26lenny4) : NG
2.6.32-220.17.1.el6 : NG

This regression seems to be introduced between 2.6.19 and 2.6.26. This regression seems to involve opendir()/closedir() usage.

Regards.