freebsd-security Digest, Vol 481, Issue 2
Ke-li Dong
dong.keli at gmail.com
Thu Apr 10 01:51:02 UTC 2014
help
2014-04-04 20:00 GMT+08:00 <freebsd-security-request at freebsd.org>:
> Send freebsd-security mailing list submissions to
> freebsd-security at freebsd.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> or, via email, send a message with subject or body 'help' to
> freebsd-security-request at freebsd.org
>
> You can reach the person managing the list at
> freebsd-security-owner at freebsd.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
>
>
> Today's Topics:
>
> 1. Re: [PATCH] casperd should detach from controlling session
> (Pawel Jakub Dawidek)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 3 Apr 2014 16:38:29 +0200
> From: Pawel Jakub Dawidek <pjd at FreeBSD.org>
> To: d at delphij.net
> Cc: "freebsd-security at freebsd.org" <freebsd-security at freebsd.org>
> Subject: Re: [PATCH] casperd should detach from controlling session
> Message-ID: <20140403143828.GA1703 at garage.freebsd.pl>
> Content-Type: text/plain; charset="us-ascii"
>
> On Mon, Mar 17, 2014 at 06:09:04PM -0700, Xin Li wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > On 03/17/14 02:26, Pawel Jakub Dawidek wrote:
> > > On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote:
> > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
> > >>
> > >> Hi, Pawel,
> > >>
> > >> I have noticed that casperd's child (zygote) would still use
> > >> controlling session from parent. This can be observed by running
> > >> ps - -ax on systems running casperd, where the child have a
> > >> spurious console associated.
> > >>
> > >> The attached patch would fix it. May I commit it against -HEAD?
> > >
> > > Hmm, daemon(3) does call setsid(2) already... Are you sure casperd
> > > wasn't running with -F?
> >
> > Oh, sure daemon(3) indeed does setsid(2) but casperd calls it after
> > zygote_init() so it has no effect to the zygote process, [...]
>
> Sorry for dropping the ball. I see the problem now, thanks.
>
> > [...] maybe something like this instead?
>
> I like the first patch better.
>
> > Index: sbin/casperd/casperd.c
> > ===================================================================
> > - --- sbin/casperd/casperd.c (revision 263272)
> > +++ sbin/casperd/casperd.c (working copy)
> > @@ -671,9 +671,6 @@ main(int argc, char *argv[])
> > pjdlog_prefix_set("(casperd) ");
> > pjdlog_debug_set(debug);
> >
> > - - if (zygote_init() < 0)
> > - - pjdlog_exit(1, "Unable to create zygote process");
> > - -
> > pfh = pidfile_open(pidfile, 0600, &otherpid);
> > if (pfh == NULL) {
> > if (errno == EEXIST) {
> > @@ -699,6 +696,9 @@ main(int argc, char *argv[])
> > pjdlog_debug(1, "PID stored in %s.", pidfile);
> > }
> >
> > + if (zygote_init() < 0)
> > + pjdlog_exit(1, "Unable to create zygote process");
> > +
> > /*
> > * Register core services.
> > */
>
> --
> Pawel Jakub Dawidek http://www.wheelsystems.com
> FreeBSD committer http://www.FreeBSD.org
> Am I Evil? Yes, I Am! http://mobter.com
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 196 bytes
> Desc: not available
> URL: <
> http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140403/08869005/attachment-0001.sig
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org
> "
>
> ------------------------------
>
> End of freebsd-security Digest, Vol 481, Issue 2
> ************************************************
>
More information about the freebsd-security
mailing list