On Tue, Apr 09, 2024 at 07:33:58AM -0600, Theo de Raadt wrote:
> Claudio Jeker <cjeker@diehard.n-r-g.com> wrote:
> 
> > On Tue, Apr 09, 2024 at 02:13:30PM +0200, Alexander Bluhm wrote:
> > > Hi,
> > > 
> > > fstat output shows that snmpd_metrics uses file descriptors 0, 1,
> > > 2 for regular communication.  This should not happen as any output
> > > to stderr would interfere with other data.
> > > 
> > > stdin, stdout, stderr are reserverd.  They should point to a terminal
> > > or /dev/null.  Redirects to other files is also fine.  But closing
> > > and then opening some files or sockets to 0, 1, 2 is not allowed.
> > > 
> > > The closefrom(1) in snmpd is the culprit.  With closefrom(4)
> > > descriptors 0, 1, 2 are /dev/null, 3 is a socketpair shared with
> > > the parent, and higher numbers are used for other files.
> > > 
> > > ok?
> > 
> > Why call closefrom() in the first place? If the code used O_CLOEXEC etc
> > there would be no need for that. snmpd_backend() is called once from
> > main() in the setup code so it feels strange to need closefrom() there.
> 
>    ^^^  Yep.  It smells.

I committed my quick fix with correct closefrom() argument.  Of
course getting rid of closefrom would be better.

Any volunteers?  martijn?