inetd fd leak?
Denys Vlasenko
vda.linux at googlemail.com
Thu Sep 3 03:28:56 UTC 2009
On Wednesday 02 September 2009 20:44, Cathey, Jim wrote:
> We're seeing signs of fd's leaking in BB inetd, when it's
> used in the following way. The inetd we're using is the 1.13.2
> version. (I was hooked up with svn, but don't have [and have
> never used] git.)
Please try 1.15.0
> The target system is a 300 MHz MIPS-32 (Broadcom
> Raven), running 2.6.26.6 Linux, with PREEMPT. Gcc 4.2.3 The
> inetd portion of the config is normal, all options are enabled.
> (Sorry that I can't include it in this message, the VM through
> which my source is accessed has just crashed, hard enough to require
> rebooting my PC to get back, and I don't want to lose this
> message. I'll follow up with it if it seems important. Gotta
> love Windows PC's!)
>
> The target has this for /etc/inetd.conf:
>
> # To re-read this file after changes, just do a 'killall -HUP inetd'
>
> telnet stream tcp nowait.12 root /usr/sbin/telnetd
> telnetd -i
>
> Just the one service, which is commented-out (#) when telnet is
> feature-disabled on the target. Note the 12/second rate limit option.
> This is an important DoS prevention measure for the target.
>
> On the development system the following script exists:
>
> #!/bin/sh
> # Bury the target in telnets
>
> for i in 1 2 3 4 5 6 7 8 9 10; do
> for j in 1 2 3 4 5 6 7 8 9 10; do
> telnet 172.16.172.2 >/dev/null 2>&1 &
> done
> done
> wait
>
> which is invoked for this test with:
>
> while :; do ./bury; done
>
> On the target via the console, the following runs
> (spread out in time, and trimmed to remove extraneous
> information) show what is happening:
>
> # #Before tests starts:
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> # #Test starts now...
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> /proc/934/fd/6 -> socket:[1511]
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> /proc/934/fd/6 -> socket:[1511]
> /proc/934/fd/7 -> socket:[1597]
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> /proc/934/fd/6 -> socket:[1511]
> /proc/934/fd/7 -> socket:[1597]
> /proc/934/fd/8 -> socket:[1692]
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> /proc/934/fd/6 -> socket:[1511]
> /proc/934/fd/7 -> socket:[1597]
> /proc/934/fd/8 -> socket:[1692]
> /proc/934/fd/9 -> socket:[1738]
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> /proc/934/fd/6 -> socket:[1511]
> /proc/934/fd/7 -> socket:[1597]
> /proc/934/fd/8 -> socket:[1692]
> /proc/934/fd/9 -> socket:[1738]
> /proc/934/fd/10 -> socket:[1768]
> # procdump /proc/`pidof inetd`/fd
> /proc/934/fd/0 -> /dev/null
> /proc/934/fd/1 -> /dev/null
> /proc/934/fd/2 -> /dev/null
> /proc/934/fd/5 -> socket:[1455]
> /proc/934/fd/6 -> socket:[1511]
> /proc/934/fd/7 -> socket:[1597]
> /proc/934/fd/8 -> socket:[1692]
> /proc/934/fd/9 -> socket:[1738]
> /proc/934/fd/10 -> socket:[1768]
> /proc/934/fd/11 -> socket:[1796]
> # ...
Just "ls -l /proc/`pidof inetd`/fd" works for me.
I tried to reproduce it but it seems to work.
However, you can be onto something since I see
occasional segfaults in strace.
--
vda
More information about the busybox
mailing list