kernel file handle leak?

Stephen Smalley sds at epoch.ncsc.mil
Tue Aug 17 12:32:22 UTC 2004


On Tue, 2004-08-17 at 07:27, Stephen Smalley wrote:
> I've seen udev leaking a descriptor to a Unix datagram socket to its
> helper programs, but that is usually labeled udev_t (but would be
> kernel_t if you didn't install the udev policy or label udev properly,
> so that kernel_t failed to transition to udev_t when running udev).
> 
> I've also seen the kernel leaking descriptors to rootfs entries unpacked
> from the initramfs to all processes; SELinux stomps on those and resets
> them to the null device.

BTW, I don't know whether the udev helper socket inheritance is
intentional (e.g. to collect output from the helper program) or an
accident - I haven't looked at the code.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
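The two leaks discussed above have the same mechanism: a descriptor opened without close-on-exec is inherited by every process exec'd from that point on, and the only remedies are to mark it FD_CLOEXEC before exec, close it, or (as SELinux does when the new domain has no permission on the inherited object) quietly replace it with the null device. The following C program is an added example, not code from this thread, from udev or from the kernel; it assumes Linux (it reads /proc/self/fd) and uses a Unix datagram socketpair as a stand-in for the udev helper socket. It shows how to audit a process's inherited descriptors at startup, reproduces the leak across an exec(), and neutralizes one end of the socket the way SELinux would:

```c
/* Added example (not from the original thread): detect descriptors that would
 * leak across exec(), reproduce the leak with an AF_UNIX datagram socketpair
 * standing in for udev's helper socket, then fix it two ways: mark one end
 * FD_CLOEXEC and overlay the other with /dev/null (what SELinux does to an
 * inherited fd the new domain may not use). Assumes Linux for /proc/self/fd. */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Resolve what fd refers to via /proc/self/fd/N (e.g. "socket:[1234]",
 * "/dev/null"). Returns 0 on success, -1 if fd is closed or /proc is absent. */
int fd_target(int fd, char *buf, size_t len) {
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* 1 if fd is close-on-exec (will not be inherited), 0 if it will leak, -1 if invalid. */
int fd_is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Count descriptors above stderr that would survive an exec() of a helper.
 * The DIR handle used for the walk is excluded from the count. */
int count_leakable_fds(void) {
    DIR *d = opendir("/proc/self/fd");
    if (!d) return -1;
    int dfd = dirfd(d), count = 0;
    struct dirent *e;
    while ((e = readdir(d))) {
        if (e->d_name[0] == '.') continue;
        int fd = atoi(e->d_name);
        if (fd <= 2 || fd == dfd) continue;
        if (fd_is_cloexec(fd) == 0) count++;
    }
    closedir(d);
    return count;
}

/* Overlay fd with /dev/null in place: the number stays valid, so a helper that
 * blindly uses it gets a harmless device instead of someone else's socket. */
int neutralize_fd(int fd) {
    int null = open("/dev/null", O_RDWR | O_CLOEXEC);
    if (null < 0) return -1;
    int rc = (dup2(null, fd) == fd) ? 0 : -1;  /* dup2 clears FD_CLOEXEC on fd */
    close(null);
    return rc;
}

/* Walk the whole leak-and-fix sequence. Returns 0 if each step behaved as
 * expected, a negative step number otherwise. */
int scenario(void) {
    char buf[256];
    int sv[2];
    int before = count_leakable_fds();
    if (before < 0 || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    if (count_leakable_fds() != before + 2) return -2;     /* both ends leakable */
    if (neutralize_fd(sv[1]) != 0 || fd_target(sv[1], buf, sizeof buf) != 0
        || strcmp(buf, "/dev/null") != 0) return -3;        /* now the null device */
    if (fcntl(sv[0], F_SETFD, FD_CLOEXEC) != 0) return -4;  /* other end: no inherit */
    if (count_leakable_fds() != before + 1) return -5;     /* only /dev/null remains */
    close(sv[0]);
    close(sv[1]);
    return 0;
}

int main(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return 1;  /* no SOCK_CLOEXEC: the leak */
    printf("leakable fds in parent: %d\n", count_leakable_fds());
    pid_t pid = fork();
    if (pid == 0) {  /* the "helper": its fd table shows the inherited socket:[...] */
        execl("/bin/ls", "ls", "-l", "/proc/self/fd", (char *)NULL);
        _exit(127);
    }
    waitpid(pid, NULL, 0);
    printf("scenario rc=%d\n", scenario());
    return 0;
}
```

Running it as root-or-not, the `ls -l /proc/self/fd` listing from the child shows the `socket:[...]` entries inherited across exec, which is exactly what an audit of a udev helper's descriptor table would reveal; the program-side fix is to open such sockets with SOCK_CLOEXEC (or set FD_CLOEXEC) before spawning helpers.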
