event_handler pipe fd inheritation

[Ethan Galstad]

Bastian Friedrich wrote:
> Hi,
> 
> we are using a mechanism in our event_handlers that shall try to restart 
> broken local services; eventually, normal init scripts (/etc/init.d/...) are 
> started, which in turn start arbitrary daemons (say, mysql).
> 
> nagios creates a pipe to its event_handlers (and possibly other executables) 
> in base/util.c for parent/child communication. The file descriptor to this 
> pipe is (currently) not given the FD_CLOEXEC. This results in this fd being 
> inherited by the event_handler (started by "popen()"), and, in our case, by 
> the daemon (say, mysql). (The pipe is, e.g., visible in /proc/<whatever>/fd). 
> As our daemons do not tend to close arbitrary fd's, this fd is never closed 
> from the event_handler. As nagios waits for the file to be closed to continue 
> its work, this results in a "denial of service" for the time that the daemon 
> runs.
> 
> The pipe fd should be set the FD_CLOEXEC flag; it is then not inherited by the 
> event_handler.
> 
> Patch attached.
> 
> Best regards
>    Bastian

Thanks for the patch Bastian.  Took a while to close it, but its in CVS now.

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects