[Pkg-nagios-devel] Bug#663047: nsca: race condition when opening command file
Matej Vela
vela at debian.org
Thu Mar 8 08:00:30 UTC 2012
Package: nsca
Version: 2.9.1-2
Severity: important
Tags: patch upstream
Forwarded: http://tracker.nagios.org/view.php?id=296
I haven't heard back from upstream, so I hope this can at least be fixed
in the Debian package. Also <https://dev.icinga.org/issues/2400>.
> There is a race condition in src/nsca.c:open_command_file between
> stat() and fopen(). If the command file exists at the point of
> stat(), but is then removed before fopen() (typically by the Nagios
> init script), nsca will create an empty file instead of a named pipe.
> In our case, this would happen at least once every 2-3 reboots.
>
> It would be safer to open() the file atomically, without the O_CREAT
> that is implicit in fopen(..., "w"). Other parts of the code already use
> open() and related headers, so this shouldn't affect portability.
>
> Patch attached.
> To expand a bit, here's the scenario step by step:
>
> 1. src/nsca.c:open_command_file checks whether the named pipe exists,
> sees that it does, and decides not to use the alternate dump file:
>
> /* command file doesn't exist - monitoring app probably isn't running... */
> if(stat(command_file,&statbuf)){
>
> 2. An instant later, "/etc/init.d/nagios3 start" removes the pipe:
>
> rm -f $NagiosCommandFile
("rm -f $nagiospipe" in the Debian version.)
> 3. src/nsca.c:open_command_file opens the named pipe with fopen(3),
> either in "a" or "w" mode. Both of these imply open(2) with
> O_CREAT, so the command file gets created as an ordinary file:
>
> command_file_fp=fopen(command_file,(append_to_file==TRUE)?"a":"w");
>
> 4. Nagios calls mkfifo(3) from base/utils.c:open_command_file, gets
> EEXIST because the path already exists, and dies ignominiously.
>
> If we make the first step atomic -- either an existing pipe is opened
> or not -- the problem goes away.
Thanks,
Matej
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 05_command_file_race.dpatch
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20120308/6e366813/attachment.ksh>
More information about the Pkg-nagios-devel
mailing list