Bug 34812 - udm-cli inherits unclean environment on fork()
udm-cli inherits unclean environment on fork()
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM - CLI
UCS 5.0
All Linux
: P5 normal with 3 votes (vote)
: UCS 3.x
Assigned To: UMC maintainers
:
Depends on:
Blocks: 37102
  Show dependency treegraph
 
Reported: 2014-05-12 15:24 CEST by Philipp Hahn
Modified: 2022-06-24 13:56 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Debt Technical, Error handling, External feedback
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (1.62 KB, patch)
2016-07-26 17:41 CEST, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-05-12 15:24:00 CEST
$ lsof -p `pgrep -f /usr/share/univention-directory-manager-tools/univention-cli-server`
...
univentio 23858 root    0u   CHR                1,3      0t0     1028 /dev/null
univentio 23858 root    1u   CHR                1,3      0t0     1028 /dev/null
univentio 23858 root    2u   CHR                1,3      0t0     1028 /dev/null
univentio 23858 root    3u  unix 0xffff88021d6248c0      0t0   141270 socket
univentio 23858 root    4u   CHR                1,3      0t0     1028 /dev/null
univentio 23858 root    5u   REG              254,0   452191  8258968 /var/log/univention/directory-manager-cmd.log
univentio 23858 root    6u  unix 0xffff880235fd7200      0t0   141597 /tmp/admincli_0/sock

FD 3 & 4 should be closes, as 3 is for the client and 4 is only temporary for daemonizing FD 0-2.

diff --git a/management/univention-directory-manager-modules/univention-cli-client b/management/univention-directory-manager-modules/univention-cli-client
index 709466f..25b02e7 100755
--- management/univention-directory-manager-modules/univention-cli-client
+++ management/univention-directory-manager-modules/univention-cli-client
@@ -58,10 +58,11 @@ def fork_server(sock, socket_path):
        # start new server
        pid = os.fork()
        if pid == 0:  # child
-               null = os.open(os.path.devnull, os.O_RDWR)
-               os.dup2(null, sys.stdin.fileno())
-               os.dup2(null, sys.stdout.fileno())
-               os.dup2(null, sys.stderr.fileno())
+               with open(os.path.devnull, "rb+") as null:
+                       os.dup2(null.fileno(), sys.stdin.fileno())
+                       os.dup2(null.fileno(), sys.stdout.fileno())
+                       os.dup2(null.fileno(), sys.stderr.fileno())
+               sock.close()
                argv = ['univention-cli-server']
                logfile = get_logfile()
                if logfile:
Comment 1 Philipp Hahn univentionstaff 2014-06-12 08:48:26 CEST
As a daemon the process should also close all other inherited file descriptors using <https://docs.python.org/2.6/library/os.html#os.closerange>
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2014-06-12 09:36:56 CEST
Happened again in one of the ucs-test scripts that opened a TCP socket on a specific port. The opened TCP socket was inherited to the UDM CLI server and blocked the port during it's runtime.
Comment 3 Florian Best univentionstaff 2015-12-08 11:05:11 CET
This hit me when writing ucs-test scripts.
Comment 5 Florian Best univentionstaff 2020-09-29 09:24:45 CEST
Reported in https://help.univention.com/t/udm-zombie-prozess/16156/2