Date: Wed, 21 Jul 2004 17:04:32 +0000 (GMT) From: Olafur Osvaldsson <oli@isnic.is> To: FreeBSD-gnats-submit@FreeBSD.org Cc: marius@isnic.is Subject: ports/69385: dns/nsd: Changing signals used for bind8 stats Message-ID: <20040721170432.E96A28A1E4@aker.isnic.is> Resent-Message-ID: <200407211710.i6LHAEBq075899@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 69385 >Category: ports >Synopsis: dns/nsd: Changing signals used for bind8 stats >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Jul 21 17:10:13 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Olafur Osvaldsson >Release: FreeBSD 5.2.1-RELEASE-p4 i386 >Organization: ISNIC >Environment: System: FreeBSD aker.isnic.is 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #6: Wed Mar 31 09:08:35 GMT 2004 oli@aker.isnic.is:/usr/obj/usr/src/sys/HP360 i386 >Description: nsd is using SIGILL to determine if it should print out bind8 stats to the log. This will not work if nsd is running as an unprivileged user. >How-To-Repeat: Make the port with WITH_BIND8_STATS, start as an unprivileged user and run "kill -SIGILL `cat /var/run/nsd.pid`" The prog will log the following to syslog: nsd[66215]: problems killing 66219: Operation not permitted 66215 being the parent process and 66219 a child process. >Fix: SIGILL is not allowed for "tainted" processes so a non-restricted signal should be used. I've contacted the developers and the patch attached is from them and will be included in a future update. The patch changes SIGILL to SIGUSR1. --- nsd.diff begins here --- diff -ruN nsd.orig/Makefile nsd/Makefile --- nsd.orig/Makefile Fri Jul 2 22:14:06 2004 +++ nsd/Makefile Wed Jul 21 16:42:25 2004 @@ -7,6 +7,7 @@ PORTNAME= nsd PORTVERSION= 2.1.1 +PORTREVISION= 1 CATEGORIES= dns ipv6 MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ \ ftp://ftp.rhnet.is/pub/nsd/ diff -ruN nsd.orig/files/patch-aa nsd/files/patch-aa --- nsd.orig/files/patch-aa Thu Jan 1 00:00:00 1970 +++ nsd/files/patch-aa Wed Jul 21 16:51:09 2004 @@ -0,0 +1,110 @@ +Index: nsd.8 +=================================================================== +RCS file: /cvs/nsd/nsd.8,v +retrieving revision 1.28 +retrieving revision 1.28.2.1 +diff -u -r1.28 -r1.28.2.1 +--- nsd.8 22 Apr 2004 13:23:05 -0000 1.28 ++++ nsd.8 21 Jul 2004 16:31:50 -0000 1.28.2.1 +@@ -158,7 +158,7 @@ + .Ar seconds + seconds. + This is equal to sending +-.Em SIGILL ++.Em SIGUSR1 + to the daemon periodically. + + .It Fl t Ar chroot +@@ -208,7 +208,7 @@ + Stop answering queries, shutdown, and exit normally. + .It Dv SIGHUP + Reload the database. +-.It Dv SIGILL ++.It Dv SIGUSR1 + Dump BIND8-style statistics into the log. Ignored otherwise. + .El + .\" .Sh IMPLEMENTATION NOTES +Index: nsd.c +=================================================================== +RCS file: /cvs/nsd/nsd.c,v +retrieving revision 1.105 +retrieving revision 1.105.2.1 +diff -u -r1.105 -r1.105.2.1 +--- nsd.c 22 Apr 2004 13:23:06 -0000 1.105 ++++ nsd.c 21 Jul 2004 16:31:54 -0000 1.105.2.1 +@@ -218,6 +218,7 @@ + nsd.mode = NSD_QUIT; + break; + case SIGILL: ++ case SIGUSR1: /* Dump stats on SIGUSR1. */ + nsd.mode = NSD_STATS; + break; + default: +@@ -237,8 +238,17 @@ + #ifdef BIND8_STATS + alarm(nsd.st.period); + #endif +- sig = SIGILL; ++ sig = SIGUSR1; ++ break; + case SIGILL: ++ /* ++ * For backwards compatibility with BIND 8 and older ++ * versions of NSD. ++ */ ++ sig = SIGUSR1; ++ break; ++ case SIGUSR1: ++ /* Dump statistics. */ + break; + case SIGINT: + /* Silent shutdown... */ +@@ -248,6 +258,7 @@ + default: + nsd.mode = NSD_SHUTDOWN; + log_msg(LOG_WARNING, "signal %d received, shutting down...", sig); ++ sig = SIGTERM; + break; + } + +@@ -724,6 +735,7 @@ + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGILL, &action, NULL); ++ sigaction(SIGUSR1, &action, NULL); + sigaction(SIGALRM, &action, NULL); + sigaction(SIGCHLD, &action, NULL); + action.sa_handler = SIG_IGN; +Index: nsdc.sh.in +=================================================================== +RCS file: /cvs/nsd/nsdc.sh.in,v +retrieving revision 1.30 +retrieving revision 1.30.2.1 +diff -u -r1.30 -r1.30.2.1 +--- nsdc.sh.in 22 Apr 2004 13:39:47 -0000 1.30 ++++ nsdc.sh.in 21 Jul 2004 16:31:56 -0000 1.30.2.1 +@@ -89,7 +89,7 @@ + signal "TERM" + ;; + stats) +- signal "ILL" ++ signal "USR1" + ;; + reload) + signal "HUP" +Index: server.c +=================================================================== +RCS file: /cvs/nsd/server.c,v +retrieving revision 1.123 +retrieving revision 1.123.2.1 +diff -u -r1.123 -r1.123.2.1 +--- server.c 12 May 2004 14:45:35 -0000 1.123 ++++ server.c 21 Jul 2004 16:32:00 -0000 1.123.2.1 +@@ -623,6 +623,7 @@ + sigemptyset(&block_sigmask); + sigaddset(&block_sigmask, SIGHUP); + sigaddset(&block_sigmask, SIGILL); ++ sigaddset(&block_sigmask, SIGUSR1); + sigaddset(&block_sigmask, SIGINT); + sigaddset(&block_sigmask, SIGTERM); + sigprocmask(SIG_BLOCK, &block_sigmask, &default_sigmask); --- nsd.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040721170432.E96A28A1E4>