netbsd-bugs: pkg/24103: MozillaFirebird executes netstat(1) with file descriptor 0 closed

Subject: pkg/24103: MozillaFirebird executes netstat(1) with file descriptor 0 closed
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 01/15/2004 14:10:51

>Number:         24103
>Category:       pkg
>Synopsis:       MozillaFirebird executes netstat(1) with file descriptor 0 closed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 15 05:12:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        NetBSD 1.6ZH
>Organization:
	itojun.org
>Environment:
System: NetBSD starfruit.itojun.org 1.6ZH NetBSD 1.6ZH (STARFRUIT) #544: Wed Jan 14 15:08:38 JST 2004 itojun@starfruit.itojun.org:/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT i386
Architecture: i386
Machine: i386
>Description:
	MoziillaFirebird invokes netstat(1) with file descriptor 0 closed.
>How-To-Repeat:
	dmesg output has something like below.

Jan 15 09:43:25 starfruit /netbsd: set{u,g}id pid 10045 (netstat) was invoked by uid 1001 ppid 9877 (MozillaFirebird-) with fd 0 closed

>Fix:
	1. open /dev/null to fill file descriptor 0.
	2. i guess the reason to invoke netstat(1) is to get random number.
	   it is better to teach MozillaFirebird to use /dev/urandom.
>Release-Note:
>Audit-Trail:
>Unformatted: