From owner-freebsd-security@FreeBSD.ORG Thu Apr 3 14:36:29 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8EF7CA35 for ; Thu, 3 Apr 2014 14:36:29 +0000 (UTC) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id 551A437F for ; Thu, 3 Apr 2014 14:36:29 +0000 (UTC) Received: from localhost (58.wheelsystems.com [83.12.187.58]) by mail.dawidek.net (Postfix) with ESMTPSA id A16ABEE3; Thu, 3 Apr 2014 16:36:17 +0200 (CEST) Date: Thu, 3 Apr 2014 16:38:29 +0200 From: Pawel Jakub Dawidek To: d@delphij.net Subject: Re: [PATCH] casperd should detach from controlling session Message-ID: <20140403143828.GA1703@garage.freebsd.pl> References: <53221E54.1030600@delphij.net> <20140317092635.GA1645@garage.freebsd.pl> <53279CB0.1020409@delphij.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S" Content-Disposition: inline In-Reply-To: <53279CB0.1020409@delphij.net> X-OS: FreeBSD 11.0-CURRENT amd64 User-Agent: Mutt/1.5.22 (2013-10-16) Cc: "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Apr 2014 14:36:29 -0000 --AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 17, 2014 at 06:09:04PM -0700, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > On 03/17/14 02:26, Pawel Jakub Dawidek wrote: > > On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > >>=20 > >> Hi, Pawel, > >>=20 > >> I have noticed that casperd's child (zygote) would still use=20 > >> controlling session from parent. This can be observed by running > >> ps - -ax on systems running casperd, where the child have a > >> spurious console associated. > >>=20 > >> The attached patch would fix it. May I commit it against -HEAD? > >=20 > > Hmm, daemon(3) does call setsid(2) already... Are you sure casperd=20 > > wasn't running with -F? >=20 > Oh, sure daemon(3) indeed does setsid(2) but casperd calls it after > zygote_init() so it has no effect to the zygote process, [...] Sorry for dropping the ball. I see the problem now, thanks. > [...] maybe something like this instead? I like the first patch better. > Index: sbin/casperd/casperd.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - --- sbin/casperd/casperd.c (revision 263272) > +++ sbin/casperd/casperd.c (working copy) > @@ -671,9 +671,6 @@ main(int argc, char *argv[]) > pjdlog_prefix_set("(casperd) "); > pjdlog_debug_set(debug); >=20 > - - if (zygote_init() < 0) > - - pjdlog_exit(1, "Unable to create zygote process"); > - - > pfh =3D pidfile_open(pidfile, 0600, &otherpid); > if (pfh =3D=3D NULL) { > if (errno =3D=3D EEXIST) { > @@ -699,6 +696,9 @@ main(int argc, char *argv[]) > pjdlog_debug(1, "PID stored in %s.", pidfile); > } >=20 > + if (zygote_init() < 0) > + pjdlog_exit(1, "Unable to create zygote process"); > + > /* > * Register core services. > */ --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com --AhhlLboLdkugWU4S Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEYEARECAAYFAlM9cmQACgkQForvXbEpPzSu4gCgttF/AdcUIS7EDhVCkngKqlnq 7+kAoL7qFJCjvyqbPGZLZU6Seum7sLOL =inxH -----END PGP SIGNATURE----- --AhhlLboLdkugWU4S--