Date:      Sun, 5 Feb 2012 10:39:38 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Mikolaj Golub <trociny@freebsd.org>
Cc:        svn-src-head@FreeBSD.org, Guy Helmer <ghelmer@palisadesystems.com>, svn-src-all@FreeBSD.org, Andrey Zonov <andrey@zonov.org>, src-committers@FreeBSD.org
Subject:   Re: svn commit: r230869 - head/usr.sbin/daemon
Message-ID:  <20120205093938.GC30033@garage.freebsd.pl>
In-Reply-To: <86zkcy5ur9.fsf@kopusha.home.net>
References:  <201202011641.q11Gf0j6095461@svn.freebsd.org> <20120204074201.GA1694@garage.freebsd.pl> <4F2CEB1D.10607@zonov.org> <27A0A960-F767-4D2C-BF3E-31F73FBF4E28@palisadesystems.com> <86zkcy5ur9.fsf@kopusha.home.net>

On Sat, Feb 04, 2012 at 08:16:42PM +0200, Mikolaj Golub wrote:
> ref8-amd64:/home/trociny% uname -r
> 8.2-STABLE
> ref8-amd64:/home/trociny% daemon -p /tmp/sleep.pid sleep 10
> ref8-amd64:/home/trociny% daemon -p /tmp/sleep.pid sleep 10
> daemon: process already running, pid: 19799
>
> kopusha:~% uname -r
> 10.0-CURRENT
> kopusha:~% daemon -p /tmp/sleep.pid sleep 10
> kopusha:~% daemon -p /tmp/sleep.pid sleep 10
> kopusha:~%

Mikolaj, even though what we had in 8.2-STABLE looks correct, it also
isn't correct.

Passing an open descriptor to a process that doesn't expect it is bad
behaviour. If you pass, e.g., an open descriptor to a directory and the
process is using chroot(2) or jail(2) to sandbox itself, it will be able
to escape from that sandbox. Passing a descriptor to a file has smaller
security implications, but it is still wrong. For example hastd, as you
probably know, asserts, before sandboxing, that it knows about all open
descriptors; if there are some unknown descriptors open it won't run.

Also, daemon was passing an open descriptor to a pidfile that the child
process cannot clean up, because it doesn't know its name. This leaves a
pidfile with a stale PID in it once the process exits, which is also bad.

In my opinion, to make daemon(8) work with pidfiles, it cannot exit
after executing the given command. It should stay around with pidfile
open and just wait for the child to exit. Once the child exits, it
should remove the pidfile and also exit.

--
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
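A minimal supervisor along the lines proposed in the message above, added here as an example (it is not code from daemon(8) or from the commit under discussion): it holds the pidfile open and locked for the life of the child, opens it with O_CLOEXEC so the child never inherits the descriptor, and removes the pidfile once the child exits. The flock(2)-based "already running" check and the function names are assumptions of this example, not something the thread specifies.

```c
#define _DEFAULT_SOURCE 1          /* flock(), O_CLOEXEC on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open/create the pidfile and take an exclusive non-blocking lock: the lock
 * dies with its holder, so a stale file does not block startup while a live
 * instance makes flock() fail. O_CLOEXEC keeps the fd out of the command. */
int acquire_pidfile(const char *path) {
    int fd = open(path, O_RDWR | O_CREAT | O_CLOEXEC, 0644);
    if (fd == -1) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) == -1) {
        close(fd);
        return -1;                 /* "process already running" */
    }
    return fd;
}

/* Fork/exec argv, keep the pidfile open and locked while the child runs,
 * then remove it once the child exits. Returns exit status, or -1 on error. */
int run_with_pidfile(const char *pidfile, char *const argv[]) {
    int fd = acquire_pidfile(pidfile);
    if (fd == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fd);
        return -1;
    }
    if (pid == 0) {                /* child: exec closes fd via O_CLOEXEC */
        execvp(argv[0], argv);
        _exit(127);
    }
    char buf[32];                  /* truncate only after the lock is ours */
    int n = snprintf(buf, sizeof buf, "%d\n", (int)pid);
    if (ftruncate(fd, 0) != 0 || write(fd, buf, (size_t)n) != n)
        perror("pidfile");         /* non-fatal: the child is already running */
    int status = 0, rc = -1;
    if (waitpid(pid, &status, 0) != -1 && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    unlink(pidfile);               /* no stale PID left behind */
    close(fd);                     /* releases the lock */
    return rc;
}

int supervise_sh(const char *pidfile, const char *script) { /* sh -c helper */
    char *const argv[] = { "sh", "-c", (char *)script, NULL };
    return run_with_pidfile(pidfile, argv);
}
```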
