[Pkg-openldap-devel] Bug#803197: Exactly the same problem happens with sendmail.
Ryan Tandy
ryan at nardis.ca
Sun Dec 30 01:40:43 GMT 2018
Hi John,

On Mon, Sep 04, 2017 at 06:42:37PM +0200, John Hughes wrote:
>Sendmail, on start, closes all fd's above 2.
>
>Since sendmail is linked to libldap, which is linked to gnutls this
>means sendmail closes fd 3, on which gnutls has opened /dev/urandom.
>
>Later on in the sendmail run fd 3 gets reopened, and if a ldap
>function is called then gnutls unceremoniously closes the fd and
>reopens /dev/urandom.
>
>From sendmail's point of view it looks like one of its files has
>suddenly been replaced with random garbage!

I'm sorry for not responding to this for so long, but do you recall what
release of Debian you saw this behaviour on?

I've been looking at this ticket again and it looks like in stretch
(Debian 9) and later, GnuTLS uses the getrandom() system call and does
not open/reopen anything. So I'm wondering whether you encountered this
problem in stretch as well, or only in jessie - or whether getrandom()
is for some reason not available on your setup and GnuTLS falls back to
opening urandom.

If you still have the same problem on stretch or buster, I'd welcome any
info about how to set up a system to reproduce it.

Thanks
Ryan