Date: Fri, 3 Aug 2018 14:03:51 +0000 (UTC) From: Alan Somers <asomers@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r337241 - stable/11/contrib/openbsm/bin/auditd Message-ID: <201808031403.w73E3pW5064463@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: asomers Date: Fri Aug 3 14:03:50 2018 New Revision: 337241 URL: https://svnweb.freebsd.org/changeset/base/337241 Log: MFC r335899: auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick https://github.com/openbsm/openbsm/commit/d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: https://github.com/openbsm/openbsm/pull/36 Modified: stable/11/contrib/openbsm/bin/auditd/auditd.c Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/openbsm/bin/auditd/auditd.c ============================================================================== --- stable/11/contrib/openbsm/bin/auditd/auditd.c Fri Aug 3 14:02:51 2018 (r337240) +++ stable/11/contrib/openbsm/bin/auditd/auditd.c Fri Aug 3 14:03:50 2018 (r337241) @@ -415,27 +415,35 @@ close_all(void) static int register_daemon(void) { + struct sigaction action; FILE * pidfile; int fd; pid_t pid; /* Set up the signal hander. */ - if (signal(SIGTERM, auditd_relay_signal) == SIG_ERR) { + action.sa_handler = auditd_relay_signal; + /* + * sa_flags must not include SA_RESTART, so that read(2) will be + * interruptible in auditd_wait_for_events + */ + action.sa_flags = 0; + sigemptyset(&action.sa_mask); + if (sigaction(SIGTERM, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGTERM"); fail_exit(); } - if (signal(SIGCHLD, auditd_relay_signal) == SIG_ERR) { + if (sigaction(SIGCHLD, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGCHLD"); fail_exit(); } - if (signal(SIGHUP, auditd_relay_signal) == SIG_ERR) { + if (sigaction(SIGHUP, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGHUP"); fail_exit(); } - if (signal(SIGALRM, auditd_relay_signal) == SIG_ERR) { + if (sigaction(SIGALRM, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGALRM"); fail_exit();
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808031403.w73E3pW5064463>