Nagios leaking file descriptors ?

[Jon Angliss]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 29 Oct 2008 11:42:07 +0100, "Robert M. Albrecht"
<romal at gmx.de> wrote:

>Hi,
>
>SELinux seems to have found a bug in Nagios.
>
>https://bugzilla.redhat.com/show_bug.cgi?id=462896
>
>This says the ping command is reading /var/spool/nagios/cmd/nagios.cmd, 
>which seems highly unlikely.  Looks like a leaked file descriptor.
>nagios should close all open file descriptors before execing apps.
>fcntl(fd, F_SETFD, FD_CLOEXEC)
>
>Any ideas ?

Do you have config details on how you're executing ping?  The
check_ping plugin executes the ping command directly,and parses the
output.  But the check_ping plugin itself doesn't open the command
file as far as I can see.  If it did, simply calling check_ping would
show access to the file, which on my box, I don't see.

This would hint that the "leak" may be a little further upstream from
the execution of ping.  However, it might not be a leak at all, and
might be handled after the ping command is executed, but as the
command is being executed as a seperate thread, selinux is getting a
false-positive on the leak.  Obviously, it's already confused about
"ping" being the cause of the file descriptor being leaked.

As a side note, I believe check_icmp is a recommended alternative, as
it performs all the operations of ping, without the plugin itself
having to parse the respoonse of ping.
- -- 
Jon Angliss

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32) - GPGshell v3.64

iEYEARECAAYFAkkNJmAACgkQK4PoFPj9H3O47wCfdp4sclSA4C/7JCmZDF6Locm9
iesAn29Gk+hMWCHk18Wt0LCpCkK+dcIt
=P+iG
-----END PGP SIGNATURE-----


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/