Date: Mon, 17 Mar 2014 10:26:37 +0100
From: Pawel Jakub Dawidek
To: d@delphij.net
Cc: "freebsd-security@freebsd.org"
Subject: Re: [PATCH] casperd should detach from controlling session
Message-ID: <20140317092635.GA1645@garage.freebsd.pl>
In-Reply-To: <53221E54.1030600@delphij.net>

On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote:
> Hi, Pawel,
>
> I have noticed that casperd's child (zygote) would still use
> controlling session from parent. This can be observed by running
> ps -ax on systems running casperd, where the child has a spurious
> console associated.
>
> The attached patch would fix it. May I commit it against -HEAD?

Hmm, daemon(3) does call setsid(2) already... Are you sure casperd
wasn't running with -F?

> By the way, the zygote child also closes file descriptor 4 twice
> (harmless; it's either sp[0] or the /dev/null which is closed before
> starting zygote_main, or before returning from stdnull()). Based on
> the construct of the code, I believe both close() can be omitted. If
> this makes sense I'll submit a new patch.

I'd prefer to leave stdnull() as-is. I open /dev/null there and I close
it in the same function. Not closing it there would make it confusing
and would make function reuse error-prone.
If 'sock' has an even higher number we will call close(2) on non-open
descriptors, but this is because there is no closerange(from, to)
syscall.

If you meant something else, do send me the patch and I can comment
further.

> Index: sbin/casperd/zygote.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sbin/casperd/zygote.c (revision 263112) > +++ sbin/casperd/zygote.c (working copy) > @@ -63,6 +63,9 @@ stdnull(void) > if (fd =3D=3D -1) > errx(1, "Unable to open %s", _PATH_DEVNULL); > =20 > + if (setsid() =3D=3D -1) > + errx(1, "Unable to detach from session"); > + > if (dup2(fd, STDIN_FILENO) =3D=3D -1) > errx(1, "Unable to cover stdin"); > if (dup2(fd, STDOUT_FILENO) =3D=3D -1)

--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
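
Review bot: the added setsid() call sits inside stdnull(), between opening _PATH_DEVNULL and the dup2() calls, so a helper whose visible job is covering stdin and stdout now also changes the caller's session. setsid(2) returns -1 when the caller is already a process group leader, and this hunk turns that into a fatal errx(), so any caller of stdnull() that already leads a group would exit here. Consider calling setsid() where the zygote child starts instead, and reporting a failure with err(1, ...) so that errno is printed rather than dropped by errx().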
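
The session behaviour discussed in this message, as an added example (not code from the original mail or from casperd): a forked child stays in its parent's session until it calls setsid(2), and a second setsid(2) in the same process fails with EPERM because the caller is by then a process group leader. probe_child() and struct sess_report are hypothetical names introduced for this sketch.

```c
#include <sys/wait.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names for this sketch; nothing here is casperd code. */
struct sess_report {
	pid_t pid;	/* child's pid */
	pid_t sid;	/* child's session id when it reported */
	int err;	/* errno of a failed setsid(), 0 if none failed */
};

/* Fork a child that calls setsid() `calls` times and reports back. */
static int
probe_child(int calls, struct sess_report *out)
{
	struct sess_report r = { 0, 0, 0 };
	int p[2];
	pid_t pid;
	ssize_t n;
	if (pipe(p) == -1)
		return (-1);
	if ((pid = fork()) == -1) {
		close(p[0]);
		close(p[1]);
		return (-1);
	}
	if (pid == 0) {
		r.pid = getpid();
		while (calls-- > 0 && r.err == 0)
			if (setsid() == -1)
				r.err = errno;	/* EPERM once we lead a group */
		r.sid = getsid(0);
		_exit(write(p[1], &r, sizeof(r)) == (ssize_t)sizeof(r) ? 0 : 1);
	}
	close(p[1]);
	n = read(p[0], out, sizeof(*out));
	close(p[0]);
	(void)waitpid(pid, NULL, 0);
	return (n == (ssize_t)sizeof(*out) ? 0 : -1);
}

int main(void)
{
	struct sess_report r;
	for (int calls = 0; calls <= 2; calls++)
		if (probe_child(calls, &r) == 0)
			printf("setsid x%d: sid %ld err %d\n", calls, (long)r.sid, r.err);
	return (0);
}
```

With zero calls the reported sid equals the parent's, which is the inherited session the original report describes seeing in ps output.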