From owner-freebsd-security@FreeBSD.ORG Thu Apr 10 01:51:02 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 825201AE for ; Thu, 10 Apr 2014 01:51:02 +0000 (UTC) Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 450521E49 for ; Thu, 10 Apr 2014 01:51:02 +0000 (UTC) Received: by mail-yk0-f169.google.com with SMTP id 142so3000672ykq.28 for ; Wed, 09 Apr 2014 18:51:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=EkD7rGpHyBt6NuGjmQjN8G9FcF5QNsW5JlrCHHADuCE=; b=xP4gnC/qkbN9GxaxAcYct0/EEK9++s5vNZxrZUSgzRm/AOIikYCgjtP8YmpS63nQeD 9nIC0sLEWCT8yo+MLLABWx26YVVRPgJJSqcq+310G90E/6WaYEzgEuXZpXRKr37DV3lN tSjG/16g1kp+npr8ZPqe20VP5b4xJytAjnS1DXcjNkolM7KYJI12dplqa4/9e91V7lIM aE51gATiGd8Ad4ECETtsYlVF6RSJYVsYApYzUtWRRMpPWuemHCr98oZcpunU6mqAeYc2 TXK/9zTcqynKViExFu8Rl1BIY/+OBL+IFEKnpMaZYjY/i0zEu72mpiu2Bq+Ka29bkOR5 2Btg== MIME-Version: 1.0 X-Received: by 10.236.39.242 with SMTP id d78mr18393870yhb.36.1397094661401; Wed, 09 Apr 2014 18:51:01 -0700 (PDT) Received: by 10.170.221.214 with HTTP; Wed, 9 Apr 2014 18:51:01 -0700 (PDT) In-Reply-To: References: Date: Thu, 10 Apr 2014 09:51:01 +0800 Message-ID: Subject: Re: freebsd-security Digest, Vol 481, Issue 2 From: Ke-li Dong To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Apr 2014 01:51:02 -0000 help 2014-04-04 20:00 GMT+08:00 : > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You can reach the person managing the list at > freebsd-security-owner@freebsd.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of freebsd-security digest..." > > > Today's Topics: > > 1. Re: [PATCH] casperd should detach from controlling session > (Pawel Jakub Dawidek) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 3 Apr 2014 16:38:29 +0200 > From: Pawel Jakub Dawidek > To: d@delphij.net > Cc: "freebsd-security@freebsd.org" > Subject: Re: [PATCH] casperd should detach from controlling session > Message-ID: <20140403143828.GA1703@garage.freebsd.pl> > Content-Type: text/plain; charset="us-ascii" > > On Mon, Mar 17, 2014 at 06:09:04PM -0700, Xin Li wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > On 03/17/14 02:26, Pawel Jakub Dawidek wrote: > > > On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > > >> > > >> Hi, Pawel, > > >> > > >> I have noticed that casperd's child (zygote) would still use > > >> controlling session from parent. This can be observed by running > > >> ps - -ax on systems running casperd, where the child have a > > >> spurious console associated. > > >> > > >> The attached patch would fix it. May I commit it against -HEAD? > > > > > > Hmm, daemon(3) does call setsid(2) already... Are you sure casperd > > > wasn't running with -F? > > > > Oh, sure daemon(3) indeed does setsid(2) but casperd calls it after > > zygote_init() so it has no effect to the zygote process, [...] > > Sorry for dropping the ball. I see the problem now, thanks. > > > [...] maybe something like this instead? > > I like the first patch better. > > > Index: sbin/casperd/casperd.c > > =================================================================== > > - --- sbin/casperd/casperd.c (revision 263272) > > +++ sbin/casperd/casperd.c (working copy) > > @@ -671,9 +671,6 @@ main(int argc, char *argv[]) > > pjdlog_prefix_set("(casperd) "); > > pjdlog_debug_set(debug); > > > > - - if (zygote_init() < 0) > > - - pjdlog_exit(1, "Unable to create zygote process"); > > - - > > pfh = pidfile_open(pidfile, 0600, &otherpid); > > if (pfh == NULL) { > > if (errno == EEXIST) { > > @@ -699,6 +696,9 @@ main(int argc, char *argv[]) > > pjdlog_debug(1, "PID stored in %s.", pidfile); > > } > > > > + if (zygote_init() < 0) > > + pjdlog_exit(1, "Unable to create zygote process"); > > + > > /* > > * Register core services. > > */ > > -- > Pawel Jakub Dawidek http://www.wheelsystems.com > FreeBSD committer http://www.FreeBSD.org > Am I Evil? Yes, I Am! http://mobter.com > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 196 bytes > Desc: not available > URL: < > http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140403/08869005/attachment-0001.sig > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > > ------------------------------ > > End of freebsd-security Digest, Vol 481, Issue 2 > ************************************************ >