Date: Fri, 3 Dec 2021 18:03:31 +0300
From: Arseny Maslennikov
To: ALT Linux Team development discussions
Subject: Re: [devel] [PATCH hasher-priv v3 3/7] chrootuid: explicitly reset signal mask before forking off payload

On Wed, Dec 01, 2021 at 10:23:37PM +0300, Dmitry V. Levin wrote:
> On Tue, Aug 24, 2021 at 11:24:32AM +0300, Arseny Maslennikov wrote:
> > Signed-off-by: Arseny Maslennikov
> > --- > > hasher-priv/chrootuid.c | 5 +++++ > > 1 file changed, 5 insertions(+) > >=20 > > diff --git a/hasher-priv/chrootuid.c b/hasher-priv/chrootuid.c > > index 89c112e..357d3ef 100644 > > --- a/hasher-priv/chrootuid.c > > +++ b/hasher-priv/chrootuid.c
> > @@ -134,6 +134,11 @@ chrootuid(uid_t uid, gid_t gid, const char *ehome, > > /* Set close-on-exec flag on all non-standard descriptors. */ > > cloexec_fds(); > > =20 > > + sigset_t sigmask; > > + > > + sigemptyset(&sigmask); > > + sigprocmask(SIG_SETMASK, &sigmask, NULL); > > + > > block_signal_handler(SIGCHLD, SIG_BLOCK); > > =20 > > if ((pid =3D fork()) < 0)
>
> Assuming it really should reset the signal mask (I don't have the context

Parent processes use signalfd(2) to handle signals and block those signals
before opening the signalfd.

% git grep -nF 'sigprocmask('
hasher-priv/caller_server.c:236: sigprocmask(SIG_SETMASK, &mask, NULL);
hasher-priv/chrootuid.c:140: sigprocmask(SIG_SETMASK, &sigmask, NULL);
hasher-priv/hasher-privd.c:315: sigprocmask(SIG_SETMASK, &mask, NULL);
hasher-priv/signal.c:27: if (sigprocmask(what, &set, 0) < 0)

> to say whether it should or not), looks like it should rather be written as
>
>     block_signal_handler(SIGCHLD, SIG_SETMASK);
>
> instead of
>
>     sigset_t sigmask;
>     sigemptyset(&sigmask);
>     sigprocmask(SIG_SETMASK, &sigmask, NULL);
>     block_signal_handler(SIGCHLD, SIG_BLOCK);
>
> ?

I'd never seen a call like block_signal_handler(*, SIG_SETMASK) in the
hasher-priv codebase at the time + I decided to make the patches as
non-intrusive to the unchanged part of the codebase as possible.
That's why I wrote this as is; I don't mind changing it, though.
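Review bot: the added `sigprocmask(SIG_SETMASK, &sigmask, NULL);` in chrootuid() discards its return value, whereas the wrapper listed in the grep output at hasher-priv/signal.c:27 tests `sigprocmask(what, &set, 0) < 0`; check the result here as well, or route the reset through that wrapper, so that a failed reset cannot go unnoticed before fork(). The hunk also carries no comment and the commit message is only a Signed-off-by line, so the reason given in this reply (parent processes block signals for signalfd(2)) should be recorded next to the new lines or in the commit message. As a style point, `sigset_t sigmask;` is declared after the `cloexec_fds();` statement; moving it to the declarations at the top of the function, or narrowing it into its own block, would keep it out of the statement flow.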
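What the reset guards against, as an added example (not hasher-priv code; the function name is hypothetical): a process that blocked signals for signalfd(2) passes that mask to whatever it forks, and the mask also survives execve(2), unless it is cleared before the fork as the patch does.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/signalfd.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added illustration, not hasher-priv code.
 * Returns 1 if a forked child starts with SIGTERM blocked, 0 if not,
 * -1 on error. reset_before_fork mirrors the patch: clear the mask first. */
int child_sees_sigterm_blocked(int reset_before_fork)
{
    sigset_t mask, saved, cur;
    int sfd, status, result = -1;
    pid_t pid;

    /* Parent pattern from the thread: block the signal, then open signalfd. */
    sigemptyset(&mask);
    sigaddset(&mask, SIGTERM);
    if (sigprocmask(SIG_BLOCK, &mask, &saved) < 0)
        return -1;
    sfd = signalfd(-1, &mask, SFD_CLOEXEC);
    if (sfd < 0)
        goto restore;

    if (reset_before_fork) {
        sigemptyset(&cur);
        if (sigprocmask(SIG_SETMASK, &cur, NULL) < 0)
            goto done;
    }
    pid = fork();
    if (pid == 0) /* child: report the mask a payload would start with */
        _exit(sigprocmask(SIG_BLOCK, NULL, &cur) < 0 ? 2 : sigismember(&cur, SIGTERM) == 1);
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) < 2)
        result = WEXITSTATUS(status);
done:
    close(sfd);
restore:
    sigprocmask(SIG_SETMASK, &saved, NULL); /* leave the caller's mask as found */
    return result;
}

int main(void)
{
    printf("inherited mask:    SIGTERM blocked = %d\n", child_sees_sigterm_blocked(0));
    printf("reset before fork: SIGTERM blocked = %d\n", child_sees_sigterm_blocked(1));
    return 0;
}
```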