#1569 Use pam_set_data to close the fd in the pam module
Closed: Fixed None Opened 6 years ago by jhrozek.

Sumit proposed the following on the IRC:

17:04 < sbose> jhrozek, ping. About the fd leak. I think the pam client never closes
the fd explicitly, maybe we can use the cleanup call in pam_set_data() to do this
when pam_end() is called by the calling application.

I think this is a great idea and we should do it.


Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

master: dba7903

milestone: NEEDS_TRIAGE => SSSD 1.9.2
resolution: => fixed
status: assigned => closed

Fun fact: at my company, we have a unit test that checks whether our networking
code leaks fds, and it fails if sss appears in /etc/nsswitch.conf;
a fd to /var/lib/sss/mc/passwd is present at the end of the unit test,
despite no explicit use of sss or pam in the app.
Worked around it by using readlink on /proc/%d/fds/%d and ignoring fds whose
path starts with /var/lib/sss.

I guess that's the price of a tall stack of plugin-ish things in a legacy api.
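The workaround described in the comment above, sketched as an added example (not the commenter's code and not part of SSSD): snapshot `/proc/self/fd` before the code under test runs, then count descriptors that appeared afterwards, ignoring targets that start with `/var/lib/sss`. The function names and `MAX_FDS` are assumptions made for this sketch, and it is Linux-only.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_FDS 1024                    /* assumption: the test process stays below this */
#define IGNORED_PREFIX "/var/lib/sss"   /* prefix named in the comment above */

/* Nonzero if a descriptor's target path is on the ignore list. */
int fd_path_ignored(const char *target) {
    return strncmp(target, IGNORED_PREFIX, strlen(IGNORED_PREFIX)) == 0;
}

/* Mark every descriptor open right now; returns 0, or -1 if /proc is unavailable. */
int fd_snapshot(unsigned char open_fds[MAX_FDS]) {
    DIR *dir = opendir("/proc/self/fd");
    struct dirent *ent;

    if (dir == NULL) return -1;
    memset(open_fds, 0, MAX_FDS);
    while ((ent = readdir(dir)) != NULL) {
        char *end;
        long fd = strtol(ent->d_name, &end, 10);
        if (end == ent->d_name || *end != '\0') continue;   /* "." and ".." */
        if (fd < 0 || fd >= MAX_FDS || fd == dirfd(dir)) continue;  /* skip the scan's own fd */
        open_fds[fd] = 1;
    }
    closedir(dir);
    return 0;
}

/* Count descriptors opened since `before` whose target is not ignored; -1 on error. */
int fd_leaks_since(const unsigned char before[MAX_FDS]) {
    unsigned char now[MAX_FDS];
    int leaks = 0;

    if (fd_snapshot(now) < 0) return -1;
    for (int fd = 0; fd < MAX_FDS; fd++) {
        char link[64], target[256];
        ssize_t n;
        if (!now[fd] || before[fd]) continue;       /* closed, or already open before */
        snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
        n = readlink(link, target, sizeof(target) - 1);
        if (n < 0) continue;                        /* closed in the meantime */
        target[n] = '\0';
        if (!fd_path_ignored(target)) leaks++;
    }
    return leaks;
}
```

A prefix-based ignore list also hides any genuine leak of a file under that directory, so it is best kept as narrow as the test allows.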


Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.2

2 years ago
