Message ID | alpine.DEB.2.10.1505250942320.13977@cactuar.ldpreload.com |
---|---|
State | New |
Headers | show |
On Monday 25 May 2015 07:22 PM, Geoffrey Thomas wrote: > If grantpt() is called from a thread that is masking signals (for > instance, from a program using signalfd or using a dedicated > signal-handling thread), then that mask will get inherited to pt_chown. > This means that signals like SIGINT will not interrup pt_chown, so if it > hangs (e.g., because getgrnam("tty") hangs on a remote name service), > Ctrl-C will terminate the parent process but leave pt_chown around. Since > it's setuid, it's hard to kill any other way. > > It is safe for pt_chown to unmask all signals, because grantpt() can be > (and usually is) called from an unprivileged process with all signals > unmasked. pt_chown is no longer built by default, but I'm inclined to push this in since it only makes the behaviour more consistent. I'll commit the patch next week if nobody objects. Siddhesh
diff --git a/login/programs/pt_chown.c b/login/programs/pt_chown.c index e8d4716..ec78538 100644 --- a/login/programs/pt_chown.c +++ b/login/programs/pt_chown.c @@ -23,6 +23,7 @@ #include <grp.h> #include <libintl.h> #include <locale.h> +#include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -148,6 +149,11 @@ main (int argc, char *argv[]) uid_t euid = geteuid (); uid_t uid = getuid (); int remaining; + sigset_t signalset; + + /* Clear any signal mask from the parent process. */ + sigemptyset (&signalset); + sigprocmask (SIG_SETMASK, &signalset, NULL); if (argc == 1 && euid == 0) {