From owner-freebsd-security Thu Dec 7 2:59: 7 2000
From owner-freebsd-security@FreeBSD.ORG Thu Dec 7 02:59:05 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from innocence.interface-business.de (unknown [193.101.57.202])
	by hub.freebsd.org (Postfix) with ESMTP id 9998637B401
	for ; Thu, 7 Dec 2000 02:59:03 -0800 (PST)
Received: from interface-business.de (uucp@localhost)
	by innocence.interface-business.de with UUCP id LAA52839
	for freebsd-security@freebsd.org; Thu, 7 Dec 2000 11:59:01 +0100 (CET)
Received: (from j@localhost)
	by B7173150.deutschepost.de id LAA70600
	for freebsd-security@freebsd.org; Thu, 7 Dec 2000 11:58:35 +0100 (CET)
Date: Thu, 7 Dec 2000 11:58:35 +0100
From: J Wunsch
To: freebsd-security@freebsd.org
Subject: Please review a change to lock(1)
Message-ID: <20001207115835.V4709@B7173150.DeutschePost.de>
Reply-To: Joerg Wunsch
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
X-Phone: +49-351-31809-14
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Organization: interface business GmbH, Dresden
Sender: j@interface-business.de
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I think everybody's happy when seeing those dead processes running around forever, eating up all CPU time -- since they are too stupid to notice the tty they're trying to read from is gone.

lock(1) is one of those culprits, as I just noticed. You can easily prove this by logging into a plain tty, starting "lock -np", and killing the shell, e.g. with SIGABRT (or SIGKILL to be sure). The shell is gone, but lock is still there, trying to lock nothing now...

I see the intention that lock should never exit except after having seen the correct password, but a process eating up all CPU is not all that good either...

Please review the following, and make a better suggestion if you think I didn't honor all security-related issues here.

Btw., after the tty is gone, fread() returns NULL but ferror() doesn't return 1 (!), and isatty(fileno(stdin)) also still yields 1. So the only way I found was to justify based on errno.

Maybe the event should be syslogged?

Index: lock.c =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/lock.c,v retrieving revision 1.8 diff -u -r1.8 lock.c --- lock.c 1999/10/12 13:53:30 1.8 +++ lock.c 2000/12/07 10:49:28 @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include 
@@ -189,7 +190,11 @@ for (;;) { (void)printf("Key: "); + errno = 0; if (!fgets(s, sizeof(s), stdin)) { + if (errno == EIO) + /* Our terminal is gone; good-bye. */ + exit(1); clearerr(stdin); hi(); continue;

-- 
Joerg Wunsch
NIC hdl: JW11-RIPE
On the air: DL8DTL
See http://www.interface-business.de/~j/ for more information.
Some addresses in the headers might be wrong (sorry - I'm not the admin here).

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
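
Review bot: In the second hunk (lock.c, @@ -189,7 +190,11 @@), the new "if (errno == EIO)" branch calls exit(1) without recording anything, so a lock that ends without the correct key leaves no trace; a syslog(3) call before the exit, as the message itself raises, would make that exit auditable. The branch body is a comment line followed by "exit(1);" under an unbraced "if", directly above the unconditional "clearerr(stdin);", which is easy to misread; adding braces around the comment and the exit makes it plain that only the exit is conditional. Only EIO leaves the loop: any other read failure still falls through to "clearerr(stdin); hi(); continue;", so the comment should say why EIO is the one errno treated as "terminal gone", and that an ordinary end-of-file from the keyboard must keep looping so the lock cannot be dismissed that way.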