diff --git a/pep-0446.txt b/pep-0446.txt index 041fccd5e..e9c70c2c0 100644 --- a/pep-0446.txt +++ b/pep-0446.txt @@ -140,19 +140,6 @@ Two common issues with inherited file descriptors: the server restarts while the program is not done: the server cannot start because the TCP port is still in use. -Leaking file descriptors is also a well known security vulnerability: -read -`FIO42-C. Ensure files are properly closed when they are no longer -needed -`_ -of the CERT. - -An untrusted child process can read sensitive data like passwords and -take control of the parent process though leaked file descriptors. It is -for example a way to escape from a chroot. With a leaked listening -socket, a child process can accept new connections to read sensitive -data. - Example of issues in open source projects: * `Mozilla (Firefox) `_: @@ -178,6 +165,39 @@ Example of issues in open source projects: open since 2012-07 +Security Vulnerability +---------------------- + +Leaking file descriptors is also a well known security vulnerability: +read +`FIO42-C. Ensure files are properly closed when they are no longer +needed +`_ +of the CERT. + +An untrusted child process can read sensitive data like passwords and +take control of the parent process though leaked file descriptors. It is +for example a way to escape from a chroot. With a leaked listening +socket, a child process can accept new connections to read sensitive +data. + +Example of vulnerabilities: + +* `Hijacking Apache https by mod_php + `_ (2003) + + * Apache: `Apr should set FD_CLOEXEC if APR_FOPEN_NOCLEANUP is not set + `_: + fixed in 2009 + * PHP: `system() (and similar) don't cleanup opened handles of Apache + `_: open since 2006 +* `CWE-403: Exposure of File Descriptor to Unintended Control Sphere + `_ (2008) +* `OpenSSH Security Advisory: portable-keysign-rand-helper.adv + `_ + (2011) + + Issues fixed in the subprocess module -------------------------------------
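Review bot: In the first hunk (@@ -140,19 +140,6), removing both security paragraphs leaves the "Two common issues with inherited file descriptors" discussion covering only operational failures such as "the TCP port is still in use". A reader of that section no longer learns that inheritance is also a security problem. Suggest keeping a one-sentence pointer there to the new "Security Vulnerability" section.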
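Review bot: In the second hunk (@@ -178,6 +165,39), the moved paragraph carries over the typo "take control of the parent process though leaked file descriptors", which should read "through leaked file descriptors". The opening sentence "Leaking file descriptors is also a well known security vulnerability" now starts its own section, so "also" has nothing to refer back to and can be dropped. "Example of vulnerabilities:" introduces several entries and should be "Examples of vulnerabilities:". The "open since 2006" status on the PHP entry will go stale unless it is tied to a date.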