[Nagios-devel] event_handler pipe fd inheritation
Posted: Fri Feb 27, 2009 11:27 am
--Boundary-00=_538pJIATD0hp4XL
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hi,
we are using a mechanism in our event_handlers that shall try to restart=20
broken local services; eventually, normal init scripts (/etc/init.d/...) ar=
e=20
started, which in turn start arbitrary daemons (say, mysql).
nagios creates a pipe to its event_handlers (and possibly other executables=
)=20
in base/util.c for parent/child communication. The file descriptor to this=
=20
pipe is (currently) not given the FD_CLOEXEC. This results in this fd being=
=20
inherited by the event_handler (started by "popen()"), and, in our case, by=
=20
the daemon (say, mysql). (The pipe is, e.g., visible in /proc//fd=
).=20
As our daemons do not tend to close arbitrary fd's, this fd is never closed=
=20
from the event_handler. As nagios waits for the file to be closed to contin=
ue=20
its work, this results in a "denial of service" for the time that the daemo=
n=20
runs.
The pipe fd should be set the FD_CLOEXEC flag; it is then not inherited by =
the=20
event_handler.
Patch attached.
Best regards
Bastian
=2D-=20
Collax GmbH . Burkheimer Stra=DFe 3 . 79111 Freiburg . Germany
p: +49 (0) 761-45684-28
f: +49 (0) 761-45684-10 www.collax.com
Gesch=E4ftsf=FChrer: Boris Nalbach
AG M=FCnchen HRB 158898 . Ust.-IdNr: DE 814464942
\ "I am two fools, I know, for loving, and for saying so."
\ John Donne
--Boundary-00=_538pJIATD0hp4XL
Content-Type: text/x-diff; charset="iso 8859-15";
name="cloexec-pipe-in-event_handler.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloexec-pipe-in-event_handler.patch"
--- base/utils.c?revision=1.239 2009-02-27 12:10:02.000000000 +0100
+++ base/utils.c 2009-02-27 11:51:59.000000000 +0100
@@ -433,6 +433,7 @@
/* execute the command in the child process */
if (pid==0){
+ int flags;
/* become process group leader */
setpgid(0,0);
@@ -449,6 +450,9 @@
/* close pipe for reading */
close(fd[0]);
+ flags = fcntl(fd[1], F_GETFD, 0);
+ flags |= FD_CLOEXEC;
+ fcntl(fd[1], F_SETFD, flags);
/* trap commands that timeout */
signal(SIGALRM,my_system_sighandler);
--Boundary-00=_538pJIATD0hp4XL--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hi,
we are using a mechanism in our event_handlers that shall try to restart=20
broken local services; eventually, normal init scripts (/etc/init.d/...) ar=
e=20
started, which in turn start arbitrary daemons (say, mysql).
nagios creates a pipe to its event_handlers (and possibly other executables=
)=20
in base/util.c for parent/child communication. The file descriptor to this=
=20
pipe is (currently) not given the FD_CLOEXEC. This results in this fd being=
=20
inherited by the event_handler (started by "popen()"), and, in our case, by=
=20
the daemon (say, mysql). (The pipe is, e.g., visible in /proc//fd=
).=20
As our daemons do not tend to close arbitrary fd's, this fd is never closed=
=20
from the event_handler. As nagios waits for the file to be closed to contin=
ue=20
its work, this results in a "denial of service" for the time that the daemo=
n=20
runs.
The pipe fd should be set the FD_CLOEXEC flag; it is then not inherited by =
the=20
event_handler.
Patch attached.
Best regards
Bastian
=2D-=20
Collax GmbH . Burkheimer Stra=DFe 3 . 79111 Freiburg . Germany
p: +49 (0) 761-45684-28
f: +49 (0) 761-45684-10 www.collax.com
Gesch=E4ftsf=FChrer: Boris Nalbach
AG M=FCnchen HRB 158898 . Ust.-IdNr: DE 814464942
\ "I am two fools, I know, for loving, and for saying so."
\ John Donne
--Boundary-00=_538pJIATD0hp4XL
Content-Type: text/x-diff; charset="iso 8859-15";
name="cloexec-pipe-in-event_handler.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloexec-pipe-in-event_handler.patch"
--- base/utils.c?revision=1.239 2009-02-27 12:10:02.000000000 +0100
+++ base/utils.c 2009-02-27 11:51:59.000000000 +0100
@@ -433,6 +433,7 @@
/* execute the command in the child process */
if (pid==0){
+ int flags;
/* become process group leader */
setpgid(0,0);
@@ -449,6 +450,9 @@
/* close pipe for reading */
close(fd[0]);
+ flags = fcntl(fd[1], F_GETFD, 0);
+ flags |= FD_CLOEXEC;
+ fcntl(fd[1], F_SETFD, flags);
/* trap commands that timeout */
signal(SIGALRM,my_system_sighandler);
--Boundary-00=_538pJIATD0hp4XL--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]