Affects Version/s: None
Fix Version/s: None
When liquidsoap spawns a new process using Ocaml's open_process* functions, the new process is created using fork() and therefore inherits all opened file descriptors from liquidsoap.
This leads to many different type of issues, among which:
- If liquidsoap stops before an external process, any port opened by liquidsoap remains open until all external processes have terminated
- All external processes have access to the file/sockets opened by liquidsoap, in particular they may read a file whose content is supposed to be protected (password) or listen to network traffic (source password for instance)
The problem is not easy. There are several possibilities:
- Define our own implementation of Unix.open_process*
- Use some shell trickery to close the descriptors before invoking the new process. Something like:
"/bin/ls /dev/fd/ | while read i; do if test "$i"
ge "3"; then exec "$i<&" 2>/dev/null; fi done; my_process
- Convince OCaml's maintainer to apply some patch and wait for a new release of OCaml...