Date: Thu, 13 Mar 2014 14:08:36 -0700
From: Xin Li
Organization: The FreeBSD Project
Subject: [PATCH] casperd should detach from controlling session
Cc: "freebsd-security@freebsd.org", Pawel Jakub Dawidek
Reply-To: d@delphij.net

Hi, Pawel,

I have noticed that casperd's child (zygote) would still use the controlling session from the parent. This can be observed by running ps -ax on systems running casperd, where the child has a spurious console associated.

The attached patch would fix it. May I commit it against -HEAD?

By the way, the zygote child also closes file descriptor 4 twice (harmless; it's either sp[0] or the /dev/null which is closed before starting zygote_main, or before returning from stdnull()). Based on the construct of the code, I believe both close() calls can be omitted. If this makes sense I'll submit a new patch.

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die

Content-Disposition: attachment; filename="casperd.diff"

Index: sbin/casperd/zygote.c =================================================================== --- sbin/casperd/zygote.c (revision 263112) +++ sbin/casperd/zygote.c (working copy) @@ -63,6 +63,9 @@ stdnull(void) if (fd == -1) errx(1, "Unable to open %s", _PATH_DEVNULL); + if (setsid() == -1) + errx(1, "Unable to detach from session"); + if (dup2(fd, STDIN_FILENO) == -1) errx(1, "Unable to cover stdin"); if (dup2(fd, STDOUT_FILENO) == -1)
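
Review bot: the new setsid() failure path in stdnull() reports the error with errx(), which discards errno, so "Unable to detach from session" gives no reason for the failure; err(1, "Unable to detach from session") would print it (setsid() fails with EPERM when the caller is already a process group leader). The neighbouring dup2() checks have the same limitation. A second point: detaching from the session is not something the name stdnull() suggests, so a one-line comment above the call, or moving the call into the code that sets up the zygote child, would keep the intent visible.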
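
The behaviour the message describes, as an added example that is not part of the original email or of casperd: a forked child stays in its parent's session until it calls setsid(), after which it leads a new session with no controlling terminal. The names probe_child_session and session_report are made up for this example.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>

/* Filled in by the child and sent to the parent over a pipe. */
struct session_report {
	pid_t pid;        /* child's PID */
	pid_t sid_before; /* session ID inherited across fork() */
	pid_t sid_after;  /* session ID after setsid() */
};

/* Fork a child that detaches with setsid(); returns 0 on success, -1 on failure. */
int probe_child_session(struct session_report *rep)
{
	int sp[2], status;
	pid_t pid;
	ssize_t n;

	if (pipe(sp) == -1)
		return -1;
	if ((pid = fork()) == -1) {
		close(sp[0]); close(sp[1]);
		return -1;
	}
	if (pid == 0) {
		struct session_report r;
		close(sp[0]);
		r.pid = getpid();
		r.sid_before = getsid(0);       /* still the parent's session */
		if (setsid() == -1)             /* the call the patch adds */
			_exit(1);
		r.sid_after = getsid(0);        /* now equal to the child's own PID */
		_exit(write(sp[1], &r, sizeof(r)) == (ssize_t)sizeof(r) ? 0 : 1);
	}
	close(sp[1]);
	n = read(sp[0], rep, sizeof(*rep));
	close(sp[0]);
	if (waitpid(pid, &status, 0) == -1)
		return -1;
	if (n != (ssize_t)sizeof(*rep) || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return -1;
	return 0;
}

int main(void)
{
	struct session_report r;
	if (probe_child_session(&r) != 0)
		return 1;
	printf("child %d: sid before=%d after=%d\n", (int)r.pid, (int)r.sid_before, (int)r.sid_after);
	return 0;
}
```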