Subject: lib/14454: inetd keeps AF_LOCAL sockets open when configured for RPC services
To: None <>
From: None <>
List: netbsd-bugs
Date: 11/04/2001 15:14:01
>Number:         14454
>Category:       lib
>Synopsis:       inetd keeps AF_LOCAL sockets open when configured for RPC services
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 04 06:15:00 PST 2001
>Originator:     Michael van Elst
>Release:        NetBSD 1.5.1
System: NetBSD pepew 1.5.2_ALPHA NetBSD 1.5.2_ALPHA (PEPEW) #7: Sun Aug 26 21:58:01 MEST 2001 src@pepew:/amd/fud/d/0/src/sys/arch/i386/compile/PEPEW i386

When you configure inetd to run RPC services like rusersd it keeps
unix-domain sockets open. As a result it may run out of filedescriptors
and the lost filedescriptors are passed to daemons started by inetd
as they are not closed on exec.
In /etc/inetd.conf uncomment:

rusersd/2-3     dgram   rpc/udp wait:100 nobody /usr/libexec/rpc.rusersd rpc.rusersd

Restart inetd. Do a: fstat -p <pid_of_inetd>. You see that unix-domain
sockets are kept open (usually a handful of them):

root     inetd      27201    5* unix stream c0b50100 <-> c0bdd9c0


I have identified three places where a socket is not closed
correctly. The missing CLNT_CONTROL is the culprit in this case,
the others fail to close the socket on certain error paths.

Index: rpcb_clnt.c
RCS file: /cvsroot/basesrc/lib/libc/rpc/rpcb_clnt.c,v
retrieving revision
diff -r1.3.2.1 rpcb_clnt.c
<       if (client != NULL)
>       if (client != NULL) {
>               /* XXX - mark the socket to be closed in destructor */
>               (void) CLNT_CONTROL(client, CLSET_FD_CLOSE, NULL);
>       }
>       /* XXX - nobody needs this socket anymore, free the descriptor */
>       close(sock);
>               CLNT_DESTROY(client);