Debian Bug report logs - #201062
tcl8.4: Tcl_CreateInterp() creates a pipe and does not set handles to close on exec


Package: tcl8.4; Maintainer for tcl8.4 is (unknown);

Reported by: Russell Coker <russell@coker.com.au>

Date: Sun, 13 Jul 2003 05:03:01 UTC

Severity: normal

Found in version 8.4.3-3

Fixed in version 8.4.20-8+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Forwarded to tcl.sourceforge.net



Report forwarded to debian-bugs-dist@lists.debian.org, Chris Waters <xtifr@debian.org>:
Bug#201062; Package tcl8.4.


Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Chris Waters <xtifr@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tcl8.4: Tcl_CreateInterp() creates a pipe and does not set handles to close on exec
Date: Sun, 13 Jul 2003 15:01:22 +1000
Package: tcl8.4
Version: 8.4.3-3
Severity: normal

When expect is run it calls Tcl_CreateInterp() which creates a pipe on file
handles 5 and 6.  These file handles are not set to close on exec so when
expect spawns a program it will receive the open file handles of its parent.
If the program runs in a different security context then these open file
handles may allow the program to interfere with the operation of expect and
therefore gain undesired access to the system.

The file handles should be set to close on exec.  If this is something that
can be done from expect (i.e. if the file handles are exposed to it) then please
transfer the bug to it.  Otherwise please make the TCL library calls set them
cloexec.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux lyta 2.4.21-se2-pcmcia #1 Sat Jul 12 16:11:00 EST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages tcl8.4 depends on:
ii  libc6                         2.3.1-17   GNU C Library: Shared libraries an

-- no debconf information
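
The inheritance described in this report and the requested close-on-exec fix, as an added C example that is not part of the original messages and is not code from Tcl or expect. The function names are illustrative, `/bin/sh` is assumed to exist, and the pipe is created locally rather than by Tcl_CreateInterp().

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark fd close-on-exec while preserving any other descriptor flags. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* fork + exec /bin/sh and have it dup `fd`; the dup succeeds only if the
 * descriptor survived the exec. Returns 1 = inherited, 0 = closed, -1 = error. */
static int fd_survives_exec(int fd)
{
    char script[64];
    int status;
    pid_t pid;

    snprintf(script, sizeof script, "exec 2>/dev/null; : >&%d", fd);
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);                      /* the exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Create a pipe, optionally apply the fix the report asks for, and count
 * how many of its two ends a spawned program can still reach (0..2). */
int pipe_ends_leaked(int use_cloexec)
{
    int p[2], a = -1, b = -1;

    if (pipe(p) == -1)
        return -1;
    if (!use_cloexec || (set_cloexec(p[0]) == 0 && set_cloexec(p[1]) == 0)) {
        a = fd_survives_exec(p[0]);
        b = fd_survives_exec(p[1]);
    }
    close(p[0]);
    close(p[1]);
    return (a < 0 || b < 0) ? -1 : a + b;
}
```

`pipe_ends_leaked(0)` reports both ends reaching the spawned program; `pipe_ends_leaked(1)` reports none once FD_CLOEXEC is set before the exec.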




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#201062; Package tcl8.4.


Acknowledgement sent to Chris Waters <xtifr@debian.org>:
Extra info received and forwarded to list.


Message #10 received at 201062@bugs.debian.org:

From: Chris Waters <xtifr@debian.org>
To: Russell Coker <russell@coker.com.au>, 201062@bugs.debian.org
Subject: Re: Bug#201062: tcl8.4: Tcl_CreateInterp() creates a pipe and does not set handles to close on exec
Date: Mon, 14 Jul 2003 11:16:37 -0700

On Sun, Jul 13, 2003 at 03:01:22PM +1000, Russell Coker wrote:

> When expect is run it calls Tcl_CreateInterp() which creates a pipe on file
> handles 5 and 6.  These file handles are not set to close on exec so when
> expect spawns a program it will receive the open file handles of its parent.

Hmm, that's interesting.  I see the pipes when I run tclsh directly,
so I don't think it's an expect-specific problem.  I'll discuss with
upstream.

cheers
-- 
Chris Waters           |  Pneumonoultra-        osis is too long
xtifr@debian.org       |  microscopicsilico-    to fit into a single
or xtifr@speakeasy.net |  volcaniconi-          standalone haiku



Noted your statement that Bug has been forwarded to tcl.sourceforge.net. Request was from Chris Waters <xtifr@debian.org> to control@bugs.debian.org.


Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Fri, 28 Apr 2017 09:42:06 GMT)


Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Fri, 28 Apr 2017 09:42:06 GMT)


Message #17 received at 201062-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 167435-done@bugs.debian.org,201062-done@bugs.debian.org,213631-done@bugs.debian.org,232593-done@bugs.debian.org,274212-done@bugs.debian.org,312444-done@bugs.debian.org,314224-done@bugs.debian.org,364176-done@bugs.debian.org,404872-done@bugs.debian.org,438680-done@bugs.debian.org,440683-done@bugs.debian.org,734838-done@bugs.debian.org,818752-done@bugs.debian.org,
Cc: tcl8.4@packages.debian.org, tcl8.4@packages.qa.debian.org
Subject: Bug#858695: Removed package(s) from unstable
Date: Fri, 28 Apr 2017 09:40:34 +0000
Version: 8.4.20-8+rm

Dear submitter,

as the package tcl8.4 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/858695

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 27 May 2017 07:30:04 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Aug 11 21:04:57 2024; Machine Name: buxtehude
