Date: Thu, 3 Apr 2014 16:38:29 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: d@delphij.net Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: [PATCH] casperd should detach from controlling session Message-ID: <20140403143828.GA1703@garage.freebsd.pl> In-Reply-To: <53279CB0.1020409@delphij.net> References: <53221E54.1030600@delphij.net> <20140317092635.GA1645@garage.freebsd.pl> <53279CB0.1020409@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 17, 2014 at 06:09:04PM -0700, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > On 03/17/14 02:26, Pawel Jakub Dawidek wrote: > > On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > >>=20 > >> Hi, Pawel, > >>=20 > >> I have noticed that casperd's child (zygote) would still use=20 > >> controlling session from parent. This can be observed by running > >> ps - -ax on systems running casperd, where the child have a > >> spurious console associated. > >>=20 > >> The attached patch would fix it. May I commit it against -HEAD? > >=20 > > Hmm, daemon(3) does call setsid(2) already... Are you sure casperd=20 > > wasn't running with -F? >=20 > Oh, sure daemon(3) indeed does setsid(2) but casperd calls it after > zygote_init() so it has no effect to the zygote process, [...] Sorry for dropping the ball. I see the problem now, thanks. > [...] maybe something like this instead? I like the first patch better. > Index: sbin/casperd/casperd.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - --- sbin/casperd/casperd.c (revision 263272) > +++ sbin/casperd/casperd.c (working copy) > @@ -671,9 +671,6 @@ main(int argc, char *argv[]) > pjdlog_prefix_set("(casperd) "); > pjdlog_debug_set(debug); >=20 > - - if (zygote_init() < 0) > - - pjdlog_exit(1, "Unable to create zygote process"); > - - > pfh =3D pidfile_open(pidfile, 0600, &otherpid); > if (pfh =3D=3D NULL) { > if (errno =3D=3D EEXIST) { > @@ -699,6 +696,9 @@ main(int argc, char *argv[]) > pjdlog_debug(1, "PID stored in %s.", pidfile); > } >=20 > + if (zygote_init() < 0) > + pjdlog_exit(1, "Unable to create zygote process"); > + > /* > * Register core services. > */ --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com --AhhlLboLdkugWU4S Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEYEARECAAYFAlM9cmQACgkQForvXbEpPzSu4gCgttF/AdcUIS7EDhVCkngKqlnq 7+kAoL7qFJCjvyqbPGZLZU6Seum7sLOL =inxH -----END PGP SIGNATURE----- --AhhlLboLdkugWU4S--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140403143828.GA1703>