Board: FB_security
Subject: Re: [PATCH] casperd should detach from controlling session
Posted from: NCTU CS FreeBSD Server (Mon Mar 17 18:26:37 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote:
> Hi, Pawel,
>
> I have noticed that casperd's child (zygote) would still use the
> controlling session from the parent. This can be observed by running ps
> -ax on systems running casperd, where the child has a spurious
> console associated.
>
> The attached patch would fix it. May I commit it against -HEAD?

Hmm, daemon(3) does call setsid(2) already... Are you sure casperd
wasn't running with -F?

> By the way, the zygote child also closes file descriptor 4 twice
> (harmless; it's either sp[0] or the /dev/null which is closed before
> starting zygote_main, or before returning from stdnull()). Based on
> the construct of the code, I believe both close() can be omitted. If
> this makes sense I'll submit a new patch.

I'd prefer to leave stdnull() as-is. I open /dev/null there and I close
it in the same function. Not closing it there would make it confusing
and would make function reuse error-prone.

If 'sock' has an even higher number we will call close(2) on non-open
descriptors, but this is because there is no closerange(from, to)
syscall.

If you meant something else, do send me the patch and I can comment
further.

> Index: sbin/casperd/zygote.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sbin/casperd/zygote.c (revision 263112)
> +++ sbin/casperd/zygote.c (working copy)
> @@ -63,6 +63,9 @@ stdnull(void)
> if (fd =3D=3D -1)
> errx(1, "Unable to open %s", _PATH_DEVNULL);
> =20
> + if (setsid() =3D=3D -1)
> + errx(1, "Unable to detach from session");
> +
> if (dup2(fd, STDIN_FILENO) =3D=3D -1)
> errx(1, "Unable to cover stdin");
> if (dup2(fd, STDOUT_FILENO) =3D=3D -1)
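
Review bot: the added setsid() call sits inside stdnull(), between opening /dev/null and the dup2() calls, so a helper whose visible job is covering stdin and stdout now also changes the caller's session. Consider moving the call to the zygote startup path, next to where stdnull() is invoked, so that reusing stdnull() elsewhere cannot detach a process as a side effect. Also note that setsid() fails with EPERM when the caller is already a process group leader, and errx() drops errno; err(1, "Unable to detach from session") would report the reason.
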
--
Pawel Jakub Dawidek
http://www.wheelsystems.com
FreeBSD committer
http://www.FreeBSD.org
Am I Evil? Yes, I Am!
http://mobter.com
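
The session behaviour discussed in this thread, as an added example that is not part of the original messages or of casperd's source: a forked child keeps its parent's session until it calls setsid(2), and a second setsid(2) in the same process fails with EPERM because the caller is by then a process group leader. The names `struct report` and `run_child` are hypothetical.

```c
/* Added illustration; struct report and run_child() are hypothetical names. */
#include <sys/wait.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

struct report {
	pid_t pid;          /* child's pid */
	pid_t sid_before;   /* session inherited across fork() */
	pid_t sid_after;    /* session after the optional setsid() */
	int   second_errno; /* errno from a repeated setsid(), 0 if not tried */
};

/* Fork a child, optionally detach it, and read its report from a pipe. */
int run_child(int detach, struct report *r)
{
	int p[2];
	pid_t pid;
	ssize_t n;

	if (pipe(p) == -1)
		return -1;
	if ((pid = fork()) == -1) {
		close(p[0]); close(p[1]);
		return -1;
	}
	if (pid == 0) {
		struct report c = { getpid(), getsid(0), 0, 0 };
		close(p[0]);
		/* First call creates a new session; the second must fail. */
		if (detach && setsid() != -1 && setsid() == -1)
			c.second_errno = errno;
		c.sid_after = getsid(0);
		_exit(write(p[1], &c, sizeof(c)) == (ssize_t)sizeof(c) ? 0 : 1);
	}
	close(p[1]);
	n = read(p[0], r, sizeof(*r));
	close(p[0]);
	waitpid(pid, NULL, 0);
	return n == (ssize_t)sizeof(*r) ? 0 : -1;
}

int main(void)
{
	struct report keep, det;
	if (run_child(0, &keep) == -1 || run_child(1, &det) == -1)
		return 1;
	printf("no setsid: sid %d -> %d\n", (int)keep.sid_before, (int)keep.sid_after);
	printf("setsid: sid %d -> %d, repeat errno %d\n", (int)det.sid_before, (int)det.sid_after, det.second_errno);
	return 0;
}
```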