#1569 Use pam_set_data to close the fd in the pam module
Closed: Fixed None Opened 7 years ago by jhrozek.

Sumit proposed the following on the IRC:

17:04 < sbose> jhrozek, ping. About the fd leak. I think the pam client never closes
the fd explicitly, maybe we can use the cleanup call in pam_set_data() to do this
when pam_end() is called by the calling application.

I think this is a great idea and we should do it.


Fields changed

description: Sumit proposed this on the IRC:
{{{
17:04 < sbose> jhrozek, ping. About the fd leak. I think the pam client never closes the fd explicitly, maybe we can use the cleanup call in pam_set_data() to do this when pam_end() is called by the calling application.
}}}

I think this is a great idea and we should do it. => Sumit proposed the following on the IRC:
{{{
17:04 < sbose> jhrozek, ping. About the fd leak. I think the pam client never closes
the fd explicitly, maybe we can use the cleanup call in pam_set_data() to do this
when pam_end() is called by the calling application.
}}}

I think this is a great idea and we should do it.

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

master: dba7903

milestone: NEEDS_TRIAGE => SSSD 1.9.2
resolution: => fixed
status: assigned => closed

Fun fact: at my company, we have a unit test that checks whether our networking
code leaks fds, and it fails if sss appears in /etc/nsswitch.conf;
a fd to /var/lib/sss/mc/passwd is present at the end of the unit test,
despite no explicit use of sss or pam in the app.
Worked around it by using readlink on /proc/%d/fds/%d and ignoring fds whose
path starts with /var/lib/sss.

I guess that's the price of a tall stack of plugin-ish things in a legacy api.

changelog: =>
design: =>
design_review: => 0
fedora_test_page: =>
mark: => 0
review: => 0
selected: =>
sensitive: => 0

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.2

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2611

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata