Package: userv
Version: 1.2.0
Severity: minor
Control: found -1 1.1.1

Dear Ian,

When I try to run one of the Linux LVM2 tools through userv, the tool
complains:

    wraith:~$ userv --override "execute /sbin/lvs" bjh21 spoo
    File descriptor 10 (socket:[5821023]) leaked on lvs invocation. Parent PID 9592: /usr/sbin/uservd
    WARNING: Running as a non-root user. Functionality may be unavailable.
    [...]

That first message appears to be true, as demonstrated by:

    wraith:~$ userv --override "execute ls -l /proc/self/fd" bjh21 spoo
    total 0
    lr-x------ 1 bjh21 bjh21 64 Jun 16 11:09 0 -> /run/userv/257e.257f.0 (deleted)
    l-wx------ 1 bjh21 bjh21 64 Jun 16 11:09 1 -> /run/userv/257e.257f.1 (deleted)
    lrwx------ 1 bjh21 bjh21 64 Jun 16 11:09 10 -> socket:[5823157]
    l-wx------ 1 bjh21 bjh21 64 Jun 16 11:09 2 -> /run/userv/257e.257f.2 (deleted)
    lr-x------ 1 bjh21 bjh21 64 Jun 16 11:09 3 -> /proc/9603/fd

I would expect that the service process would only inherit those file
descriptors required by the specification, namely 0, 1, and 2 in the
examples above. I accept, though, that the spec doesn't say this in so
many words.

If I attach strace to the uservd parent, I can see the offending file
descriptor being opened like this:

    [pid 9461] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 10]) = 0

I think this corresponds with the call from fork_service_synch(), so I
don't think this is a security problem: the parent process doesn't read
from its end of the socket after the service is executed.

I've also found the same behaviour in userv 1.1.1 on Debian GNU/Linux 8
(jessie).

-- 
Ben Harris, University of Cambridge Information Services.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-3-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages userv depends on:
ii  libc6  2.24-11

userv recommends no packages.

userv suggests no packages.

-- no debconf information
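
The mechanism reported above, as an added C example that is not part of the original report and is not userv's code: one end of a socketpair created before fork() stays open across exec() unless it is marked close-on-exec. The function name, the fixed descriptor number 9 (the report saw 10; 9 is used here because POSIX sh only guarantees single-digit descriptors in redirections) and the /bin/sh probe are assumptions of this sketch.

```c
/* Added illustration, not userv source. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 9 /* assumption: must match the "9" in the probe command */

/* Returns 1 if the exec'd program still has the socket open,
 * 0 if it does not, -1 on error. */
int service_inherits_sync_fd(int set_cloexec)
{
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(sv[0]); close(sv[1]);
        return -1;
    }
    if (pid == 0) {              /* child: stands in for the service process */
        close(sv[0]);            /* parent's end is not needed here */
        if (sv[1] != PROBE_FD) { /* move our end to a known number */
            if (dup2(sv[1], PROBE_FD) < 0)
                _exit(126);
            close(sv[1]);
        }
        if (set_cloexec) {       /* the fix: kernel closes it at exec time */
            int fl = fcntl(PROBE_FD, F_GETFD);
            if (fl < 0 || fcntl(PROBE_FD, F_SETFD, fl | FD_CLOEXEC) < 0)
                _exit(126);
        }
        /* Probe: redirecting onto fd 9 succeeds only if fd 9 survived exec. */
        execl("/bin/sh", "sh", "-c", ": 2>/dev/null >&9", (char *)NULL);
        _exit(127);
    }
    close(sv[0]); close(sv[1]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) >= 126) /* setup or exec failure in the child */
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("without FD_CLOEXEC: inherited=%d\n", service_inherits_sync_fd(0));
    printf("with FD_CLOEXEC:    inherited=%d\n", service_inherits_sync_fd(1));
    return 0;
}
```

On Linux, passing SOCK_CLOEXEC in the socketpair() type argument sets the flag at creation time and avoids the separate fcntl() call.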