From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Wed, 1 Dec 2021 22:23:37 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: Arseny Maslennikov <arseny@altlinux.org>
Message-ID: <20211201192336.GA12855@altlinux.org>
References: <20210824082436.1555890-1-arseny@altlinux.org>
 <20210824082436.1555890-4-arseny@altlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210824082436.1555890-4-arseny@altlinux.org>
Cc: devel@lists.altlinux.org
Subject: Re: [devel] [PATCH hasher-priv v3 3/7] chrootuid: explicitly reset
 signal mask before forking off payload
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Dec 2021 19:23:37 -0000
Archived-At: <http://lore.altlinux.org/devel/20211201192336.GA12855@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

On Tue, Aug 24, 2021 at 11:24:32AM +0300, Arseny Maslennikov wrote:
> Signed-off-by: Arseny Maslennikov <arseny@altlinux.org>
> ---
>  hasher-priv/chrootuid.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/hasher-priv/chrootuid.c b/hasher-priv/chrootuid.c
> index 89c112e..357d3ef 100644
> --- a/hasher-priv/chrootuid.c
> +++ b/hasher-priv/chrootuid.c
> @@ -134,6 +134,11 @@ chrootuid(uid_t uid, gid_t gid, const char *ehome,
>  	/* Set close-on-exec flag on all non-standard descriptors. */
>  	cloexec_fds();
>  
> +	sigset_t sigmask;
> +
> +	sigemptyset(&sigmask);
> +	sigprocmask(SIG_SETMASK, &sigmask, NULL);
> +
>  	block_signal_handler(SIGCHLD, SIG_BLOCK);
>  
>  	if ((pid = fork()) < 0)

Assuming it really should reset the signal mask (I don't have the context
to say whether it should or not), looks like it should rather be written as

	block_signal_handler(SIGCHLD, SIG_SETMASK);

instead of

	sigset_t sigmask;
	sigemptyset(&sigmask);
	sigprocmask(SIG_SETMASK, &sigmask, NULL);
	block_signal_handler(SIGCHLD, SIG_BLOCK);

?


-- 
ldv