From owner-freebsd-audit@FreeBSD.ORG Wed Jul 16 08:02:25 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6137937B401 for ; Wed, 16 Jul 2003 08:02:25 -0700 (PDT) Received: from magellan.palisadesys.com (magellan.palisadesys.com [192.188.162.211]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9172D43F75 for ; Wed, 16 Jul 2003 08:02:24 -0700 (PDT) (envelope-from ghelmer@palisadesys.com) Received: from [192.188.162.240] (ghelmer@volans.palisadesys.com [192.188.162.240]) (authenticated bits=0)h6GF2JLi044865 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 16 Jul 2003 10:02:23 -0500 (CDT) (envelope-from ghelmer@palisadesys.com) From: Guy Helmer To: freebsd-audit@freebsd.org Content-Type: text/plain Message-Id: <1058367738.35732.7.camel@volans> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.0 Date: 16 Jul 2003 10:02:19 -0500 Content-Transfer-Encoding: 7bit Subject: Patch for lib/libc/gen/daemon.[3c] to resolve PR 25462 X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2003 15:02:25 -0000 I'd like to offer this patch for review to see whether anyone objects or whether it contains style issues. It resolves the problem where daemon(3) can cause a SIGHUP that kills the daemon process under certain circumstances. I've been running this patch on my 5-current machine for a couple of months without any problems. Guy ghelmer@freebsd.org Index: lib/libc/gen/daemon.3 =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/daemon.3,v retrieving revision 1.12 diff -u -r1.12 daemon.3 --- lib/libc/gen/daemon.3 16 Jan 2002 15:21:39 -0000 1.12 +++ lib/libc/gen/daemon.3 24 Apr 2003 21:52:06 -0000 @@ -71,12 +71,14 @@ function may fail and set .Va errno for any of the errors specified for the library functions -.Xr fork 2 +.Xr fork 2 , +.Xr setsid 2 and -.Xr setsid 2 . +.Xr sigaction 2 . .Sh SEE ALSO .Xr fork 2 , -.Xr setsid 2 +.Xr setsid 2 , +.Xr sigaction 2 .Sh HISTORY The .Fn daemon @@ -101,3 +103,17 @@ .Fn daemon before opening any files or sockets, or verify that any file descriptors obtained have values greater than 2. +.Pp +The +.Fn daemon +function temporarily ignores +.Dv SIGHUP +and then restores the original settings for +.Dv SIGHUP +after calling +.Xr setsid 2 +to prevent a parent session group leader's calls to +.Xr fork 2 +and then +.Xr _exit 2 +from prematurely terminating the child process. Index: lib/libc/gen/daemon.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/daemon.c,v retrieving revision 1.5 diff -u -r1.5 daemon.c --- lib/libc/gen/daemon.c 1 Feb 2002 00:57:29 -0000 1.5 +++ lib/libc/gen/daemon.c 1 May 2003 20:54:29 -0000 @@ -38,8 +38,10 @@ __FBSDID("$FreeBSD: src/lib/libc/gen/daemon.c,v 1.5 2002/02/01 00:57:29 obrien Exp $"); #include "namespace.h" +#include #include #include +#include #include #include "un-namespace.h" @@ -48,6 +50,16 @@ int nochdir, noclose; { int fd; + pid_t newgrp; + int oerrno; + int osa_ok; + struct sigaction sa, osa; + + /* A SIGHUP may be thrown when the parent exits below. */ + sigemptyset(&sa.sa_mask); + sa.sa_handler = SIG_IGN; + sa.sa_flags = 0; + osa_ok = sigaction(SIGHUP, &sa, &osa); switch (fork()) { case -1: @@ -58,7 +70,13 @@ _exit(0); } - if (setsid() == -1) + newgrp = setsid(); + oerrno = errno; + if (osa_ok != -1) + if (sigaction(SIGHUP, &osa, (struct sigaction *)NULL) == -1) + return (-1); /* Could not restore SIGHUP. */ + errno = oerrno; + if (newgrp == -1) return (-1); if (!nochdir)