-
Notifications
You must be signed in to change notification settings - Fork 717
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/dev/urandom fd leaks to subprocesses #3928
Comments
Thanks for the issue! It looks like valgrind can spot these, looking to see if that's a quick update. Curious how you found this? |
working up a PR, adding --track-fds to valgrind does find this
|
Nice, I didn't know valgrind also has a fd leak check! :)
We had an app using s2n-tls that would re-exec itself periodically on errors, and everytime it re-exec'd an extra /dev/urandom fd showed up (I was explicitly checking for fd leaks as that is a common problem for apps re-execing themselves; memory etc is cleaned up by the kernel but fd need CLOEXEC or they'll be left behind) |
Thanks for reporting! Fixed in #3989 |
Thanks for the follow-up & fix! |
Problem:
Using https://github.com/awslabs/aws-crt-python
/dev/urandom
apparently stays open through the lifetime of the application.Executing subprocesses (or re-execing) leaves the fd open.
Solution:
urandom should be opened with O_CLOEXEC:
Requirements / Acceptance Criteria:
Check that the fd is closed after exec?
Thanks!
The text was updated successfully, but these errors were encountered: