From: Alexander Bluhm Subject: snmpd closefrom To: tech@openbsd.org Date: Tue, 9 Apr 2024 14:13:30 +0200 Hi, fstat output shows that snmpd_metrics uses file descriptors 0, 1, 2 for regular communication. This should not happen as any output to stderr would interfere with other data. stdin, stdout, stderr are reserverd. They should point to a terminal or /dev/null. Redirects to other files is also fine. But closing and then opening some files or sockets to 0, 1, 2 is not allowed. The closefrom(1) in snmpd is the culprit. With closefrom(4) descriptors 0, 1, 2 are /dev/null, 3 is a socketpair shared with the parent, and higher numbers are used for other files. ok? bluhm Index: usr.sbin/snmpd/snmpd.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/snmpd/snmpd.c,v diff -u -p -r1.51 snmpd.c --- usr.sbin/snmpd/snmpd.c 8 Apr 2024 13:18:54 -0000 1.51 +++ usr.sbin/snmpd/snmpd.c 9 Apr 2024 11:56:08 -0000 @@ -358,14 +358,10 @@ snmpd_backend(struct snmpd *env) } if (env->sc_flags & SNMPD_F_VERBOSE) argv[i++] = "-vv"; - if (env->sc_flags & SNMPD_F_DEBUG) { + if (env->sc_flags & SNMPD_F_DEBUG) argv[i++] = "-d"; - argv[i++] = "-x"; - argv[i++] = "3"; - } else { - argv[i++] = "-x"; - argv[i++] = "0"; - } + argv[i++] = "-x"; + argv[i++] = "3"; argv[i] = NULL; while ((file = readdir(dir)) != NULL) { if (file->d_name[0] == '.') @@ -377,10 +373,9 @@ snmpd_backend(struct snmpd *env) fatal("fork"); case 0: close(pair[1]); - if (dup2(pair[0], - env->sc_flags & SNMPD_F_DEBUG ? 3 : 0) == -1) + if (dup2(pair[0], 3) == -1) fatal("dup2"); - if (closefrom(env->sc_flags & SNMPD_F_DEBUG ? 4 : 1) == -1) + if (closefrom(4) == -1) fatal("closefrom"); (void)snprintf(execpath, sizeof(execpath), "%s/%s", SNMPD_BACKEND, file->d_name);