-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Pawel, I have noticed that casperd's child (zygote) would still use controlling session from parent. This can be observed by running ps - -ax on systems running casperd, where the child have a spurious console associated. The attached patch would fix it. May I commit it against -HEAD? By the way, the zygote child also closes file descriptor 4 twice (harmless; it's either sp[0] or the /dev/null which is closed before starting zygote_main, or before returning from stdnull(). Based on the construct of the code, I believe both close() can be omitted. If this makes sense I'll submit a new patch. Cheers, - -- Xin LI <delphij at delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTIh5UAAoJEJW2GBstM+nsDIoP/jJ0na0zNFoxruLWCZEr7uDr ulgP8iV3B4b0OhTnCGsnlU3MOoypbLG9kMxJGVhfumZlxl/m6tg3nwBUA42Z/BHF r6XsPRv47A84PrJckVJcXhcvKOGPVlB23SdITjv2wW13Sj+d+g2j7cLULibvFLR/ a+hx5WVHYeFZPWuJL1g/LxtHvxCMvYoT7wgYMjrUdTuYr5kMC/hMgBk569AuC5QJ PQXvRKvaWvCGbNLj2BQTsEtunszmed7A/AUqDSx5pSju11J5vYETIuR+CSPn7kE1 6EwAY60jyoRMldQ7kRsp8FYsQX9OBDQVK7Gp95FF/jgBOIqo3B+I2SgKwBGrMM/G 4Z026QD3sAH7jcG6eK9mLrSIBtJ4zK5g9HwzE7v52lGRHsqm9n6gifcRIjBZW+iL MX1VujJ1Ew1PUxWFj3cgEgHkQ/cftTjl20TB0NW8SsskCy9cRhEN6Z+qEhT81zHf ywM8u3g8ndH/m/iwm1tho/Csp7ejHjGhD5sJf4pCfrwDkY3jVW0nd7Q4djMpDDBL to4tIyomXW3Mhhr+9Xt7x8sq+/YhYR+h/gslX3Q/VFnd/FEL/Ae7C1NS8KpRdZYG wkXzgdJBgRUxlVMxKGYn8wEtDreaMVrB4jkOAlGdSqaSuLtQpb5acuWpvlk+nDs2 VDYbEHUEPeBbcAAoZkIR =kdOi -----END PGP SIGNATURE----- -------------- next part -------------- Index: sbin/casperd/zygote.c ==================================================================--- sbin/casperd/zygote.c (revision 263112) +++ sbin/casperd/zygote.c (working copy) @@ -63,6 +63,9 @@ stdnull(void) if (fd == -1) errx(1, "Unable to open %s", _PATH_DEVNULL); + if (setsid() == -1) + errx(1, "Unable to detach from session"); + if (dup2(fd, STDIN_FILENO) == -1) errx(1, "Unable to cover stdin"); if (dup2(fd, STDOUT_FILENO) == -1)
On 13.03.2014 22:08, Xin Li wrote:> Hi, Pawel, > > I have noticed that casperd's child (zygote) would still use > controlling session from parent. This can be observed by running > ps -ax on systems running casperd, where the child have a spurious > console associated. > > The attached patch would fix it. May I commit it against -HEAD? > > By the way, the zygote child also closes file descriptor 4 twice > (harmless; it's either sp[0] or the /dev/null which is closed > before starting zygote_main, or before returning from stdnull(). > Based on the construct of the code, I believe both close() can be > omitted. If this makes sense I'll submit a new patch.Wouldn't this patch break support for external monitoring e.g. by daemontools. By convention a daemontools run script is started with its own process group and execs into the service. If a service tries to unconditionally create its own process group it will fail.
Pawel Jakub Dawidek
2014-Mar-17 09:26 UTC
[PATCH] casperd should detach from controlling session
On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, Pawel, > > I have noticed that casperd's child (zygote) would still use > controlling session from parent. This can be observed by running ps > - -ax on systems running casperd, where the child have a spurious > console associated. > > The attached patch would fix it. May I commit it against -HEAD?Hmm, daemon(3) does call setsid(2) already... Are you sure casperd wasn't running with -F?> By the way, the zygote child also closes file descriptor 4 twice > (harmless; it's either sp[0] or the /dev/null which is closed before > starting zygote_main, or before returning from stdnull(). Based on > the construct of the code, I believe both close() can be omitted. If > this makes sense I'll submit a new patch.I'd prefer to leave stdnull() as-is. I open /dev/null there and I close it in the same function. Not closing it there would make it confusing and would make function reuse error-prone. If 'sock' has even higher number we will call close(2) on non-open descriptors, but this is because there is no closerange(from, to) syscall. If you meant something else, do send me the patch and I can comment further.> Index: sbin/casperd/zygote.c > ==================================================================> --- sbin/casperd/zygote.c (revision 263112) > +++ sbin/casperd/zygote.c (working copy) > @@ -63,6 +63,9 @@ stdnull(void) > if (fd == -1) > errx(1, "Unable to open %s", _PATH_DEVNULL); > > + if (setsid() == -1) > + errx(1, "Unable to detach from session"); > + > if (dup2(fd, STDIN_FILENO) == -1) > errx(1, "Unable to cover stdin"); > if (dup2(fd, STDOUT_FILENO) == -1)-- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140317/2ca3071a/attachment.sig>