[Bug 385999] [NEW] konsole leaks file descriptors for /tmp/kde-$USER/konsole*.tmp
Warren E. Downs
vwdowns at iglooware.com
Thu Jun 11 16:41:04 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: konsole
Description: Ubuntu 9.04
Release: 9.04
Version: konsole 4:4.2.2-0ubuntu4
Expected behavior:
Programs executed by user within a konsole shell will only have file
descriptors 0 (stdin), 1 (stdout), and 2 (stderr) open when they begin.
Actual behavior:
/usr/bin/konsole leaves multiple open file descriptors pointing to files
in:
/tmp/kde-$USER/konsole*.tmp
when executing programs from within it.
It should perform a:
fcntl(fd, F_SETFD, FD_CLOEXEC)
on each of these file descriptors prior to exec'ing the program.
This is apparently also in other distributions as noted in this RedHat
bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=466087
Security risk:
Leaving open file descriptors could potentially cause a sudo'ed process to dump privileged information to a non-root user file.
** Affects: kdebase (Ubuntu)
Importance: Undecided
Status: New
** Affects: kdebase (Fedora)
Importance: Unknown
Status: Unknown
** Visibility changed to: Public
** Bug watch added: Red Hat Bugzilla #466087
https://bugzilla.redhat.com/show_bug.cgi?id=466087
** Also affects: kdebase (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=466087
Importance: Unknown
Status: Unknown
--
konsole leaks file descriptors for /tmp/kde-$USER/konsole*.tmp
https://bugs.launchpad.net/bugs/385999
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdebase in ubuntu.
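
Added example, not part of the original report and not konsole's code: a small C program showing the behaviour the report describes and the effect of the fcntl(fd, F_SETFD, FD_CLOEXEC) call it asks for. The temp file name, PROBE_FD and both function names are assumptions made for this illustration; /bin/sh stands in for the program run inside the terminal.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 7 /* single-digit number so any POSIX sh can name it */

/* Mark fd close-on-exec, preserving its other descriptor flags. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1: exec'ed program can still use the temp-file descriptor, 0: it cannot,
 * -1: setup error. The temp file is a constructed stand-in for konsole*.tmp. */
int fd_survives_exec(int harden) {
    char path[] = "/tmp/konsole-demo-XXXXXX";
    int status, fd = mkstemp(path); /* opened without close-on-exec */
    if (fd == -1) return -1;
    unlink(path);
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: the point "prior to exec'ing the program". dup2() clears
         * FD_CLOEXEC on the copy, so harden only after the move. */
        if (fd != PROBE_FD) {
            if (dup2(fd, PROBE_FD) == -1) _exit(126);
            close(fd);
        }
        if (harden && set_cloexec(PROBE_FD) == -1) _exit(126);
        /* The exec'ed shell redirects stdout to descriptor 7; that fails
         * with a non-zero exit status if 7 was closed by the exec. */
        execl("/bin/sh", "sh", "-c", "(true >&7) 2>/dev/null", (char *)NULL);
        _exit(126);
    }
    close(fd);
    if (pid == -1 || waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 126) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("without FD_CLOEXEC: inherited=%d\n", fd_survives_exec(0));
    printf("with FD_CLOEXEC:    inherited=%d\n", fd_survives_exec(1));
    return 0;
}
```

Opening the file with O_CLOEXEC in the first place (open(2), or mkostemp where available) avoids the window between open and fcntl in multi-threaded programs.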