Subject: pkg/34798: x11/mlterm: Dangerous file descriptor leaks
To: None <,,>
From: Christian Biere <>
List: pkgsrc-bugs
Date: 10/12/2006 17:15:00
>Number:         34798
>Category:       pkg
>Synopsis:       x11/mlterm: Dangerous file descriptor leaks
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 12 17:15:00 +0000 2006
>Originator:     Christian Biere
>Release:        NetBSD 4.99.3

In daemon mode, mlterm leaks certain file descriptors to child processes which
means that every opened client terminal (the shell process) has access to all
previously opened pty file descriptors as well as the unix domain socket. fstat
or lsof make this obvious.


 $ mlterm --daemon blend
 $ mlclient & mclient & mclient
 $ fstat || lsof


My patch adds calls to fcntl() to set the close-on-exec flag for the relevant
file descriptors and some calls to close(). I've uploaded it here: