Date: Thu, 13 Mar 2014 14:08:36 -0700 From: Xin Li <delphij@delphij.net> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, Pawel Jakub Dawidek <pjd@FreeBSD.org> Subject: [PATCH] casperd should detach from controlling session Message-ID: <53221E54.1030600@delphij.net>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------050803050608090306080000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Pawel, I have noticed that casperd's child (zygote) would still use controlling session from parent. This can be observed by running ps - -ax on systems running casperd, where the child have a spurious console associated. The attached patch would fix it. May I commit it against -HEAD? By the way, the zygote child also closes file descriptor 4 twice (harmless; it's either sp[0] or the /dev/null which is closed before starting zygote_main, or before returning from stdnull(). Based on the construct of the code, I believe both close() can be omitted. If this makes sense I'll submit a new patch. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTIh5UAAoJEJW2GBstM+nsDIoP/jJ0na0zNFoxruLWCZEr7uDr ulgP8iV3B4b0OhTnCGsnlU3MOoypbLG9kMxJGVhfumZlxl/m6tg3nwBUA42Z/BHF r6XsPRv47A84PrJckVJcXhcvKOGPVlB23SdITjv2wW13Sj+d+g2j7cLULibvFLR/ a+hx5WVHYeFZPWuJL1g/LxtHvxCMvYoT7wgYMjrUdTuYr5kMC/hMgBk569AuC5QJ PQXvRKvaWvCGbNLj2BQTsEtunszmed7A/AUqDSx5pSju11J5vYETIuR+CSPn7kE1 6EwAY60jyoRMldQ7kRsp8FYsQX9OBDQVK7Gp95FF/jgBOIqo3B+I2SgKwBGrMM/G 4Z026QD3sAH7jcG6eK9mLrSIBtJ4zK5g9HwzE7v52lGRHsqm9n6gifcRIjBZW+iL MX1VujJ1Ew1PUxWFj3cgEgHkQ/cftTjl20TB0NW8SsskCy9cRhEN6Z+qEhT81zHf ywM8u3g8ndH/m/iwm1tho/Csp7ejHjGhD5sJf4pCfrwDkY3jVW0nd7Q4djMpDDBL to4tIyomXW3Mhhr+9Xt7x8sq+/YhYR+h/gslX3Q/VFnd/FEL/Ae7C1NS8KpRdZYG wkXzgdJBgRUxlVMxKGYn8wEtDreaMVrB4jkOAlGdSqaSuLtQpb5acuWpvlk+nDs2 VDYbEHUEPeBbcAAoZkIR =kdOi -----END PGP SIGNATURE----- --------------050803050608090306080000 Content-Type: text/plain; charset=UTF-8; name="casperd.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="casperd.diff" Index: sbin/casperd/zygote.c =================================================================== --- sbin/casperd/zygote.c (revision 263112) +++ sbin/casperd/zygote.c (working copy) @@ -63,6 +63,9 @@ stdnull(void) if (fd == -1) errx(1, "Unable to open %s", _PATH_DEVNULL); + if (setsid() == -1) + errx(1, "Unable to detach from session"); + if (dup2(fd, STDIN_FILENO) == -1) errx(1, "Unable to cover stdin"); if (dup2(fd, STDOUT_FILENO) == -1) --------------050803050608090306080000--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53221E54.1030600>