Leaked file descriptors from browser to npviewer.bin
Gwenole Beauchesne
gb.public at free.fr
Mon Nov 17 23:30:11 UTC 2008
Hi,
Le 17 nov. 08 à 21:46, Warren Togami a écrit :
> It seems that upon fork() file descriptors from the browser leak to
> the npviewer.bin process. There are potential security concerns
> whenever file descriptors leak to a forked process. Are any of
> these file descriptors actually expected and needed by the
> npviewer.bin process?
Do you mean any file descriptor opened by the browser-side part of
nspluginwrapper? Because, for file descriptors originating from the
browser, I don't see what we could do. Isn't it the responsibility of
the browser to O_CLOEXEC (resp. SOCK_CLOEXEC) them through fnctl() or
"now" directly through creation functions? e.g. open() as I understood
through Ulrich's article.
nspluginwrapper only needs its sockets. I normally close the
descriptor from the popen() and I don't see other descriptor
nspluginwrapper may have opened. Could you be more specific?
Thanks,
Gwenole.
More information about the Nspluginwrapper-devel-list
mailing list