From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arseny@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.1
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=altlinux.org; s=dkim; h=Subject:In-Reply-To:Content-Type:MIME-Version:
 References:Message-ID:To:From:Date:Sender:Reply-To:Cc:
 Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=AzlwuU9IC9PMmLOJuK4g7tmpvWrEkpFiRgWVkF9VZq4=; b=vvU3PvpnihOGDgYdkGhRgEcCDs
 ALbIjvVh3GM4Ou93KAuAjW7mpc0RkfySWppH+KFx0F5nBQZlJSpYcIFG1hxQG3L91HhtvLfxnmYc1
 bkSZs++zvBrFJwDrE0pgPckXOiUCztq3wB71xPyKQabDR5OuWnuZfLDrxpjhowlIEfiLBA26qDusO
 OVEVrdVHEc0dDqejt9tNkGPcJl+kKZdK0IiNGiNrIOp0Vs3dEB4vgDkmCQN8ogloj73MM1BTGzZCL
 9R/yANU1JAw3cE3oIuJuO6HGxufhLNlO1rWf6RKP9uz2R/VxGasiGejl4CLmHdiGX0TATa0qsnnNW
 4i86V0EA==;
Date: Fri, 3 Dec 2021 18:03:31 +0300
From: Arseny Maslennikov <arseny@altlinux.org>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-ID: <Yaoxw9Io5ox27Gjd@cello>
References: <20210824082436.1555890-1-arseny@altlinux.org>
 <20210824082436.1555890-4-arseny@altlinux.org>
 <20211201192336.GA12855@altlinux.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="8/UNazY3TmBX8qB1"
Content-Disposition: inline
In-Reply-To: <20211201192336.GA12855@altlinux.org>
OpenPGP: url=http://grep.cs.msu.ru/~ar/pgp-key.asc
X-SA-Exim-Connect-IP: 37.204.119.143
X-SA-Exim-Mail-From: arseny@altlinux.org
X-SA-Exim-Version: 4.2.1
X-SA-Exim-Scanned: No (on mail.cs.msu.ru); Unknown failure
Subject: Re: [devel] [PATCH hasher-priv v3 3/7] chrootuid: explicitly reset
 signal mask before forking off payload
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Dec 2021 15:03:41 -0000
Archived-At: <http://lore.altlinux.org/devel/Yaoxw9Io5ox27Gjd@cello/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--8/UNazY3TmBX8qB1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Dec 01, 2021 at 10:23:37PM +0300, Dmitry V. Levin wrote:
> On Tue, Aug 24, 2021 at 11:24:32AM +0300, Arseny Maslennikov wrote:
> > Signed-off-by: Arseny Maslennikov <arseny@altlinux.org>
> > ---
> >  hasher-priv/chrootuid.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >=20
> > diff --git a/hasher-priv/chrootuid.c b/hasher-priv/chrootuid.c
> > index 89c112e..357d3ef 100644
> > --- a/hasher-priv/chrootuid.c
> > +++ b/hasher-priv/chrootuid.c
> > @@ -134,6 +134,11 @@ chrootuid(uid_t uid, gid_t gid, const char *ehome,
> >  	/* Set close-on-exec flag on all non-standard descriptors. */
> >  	cloexec_fds();
> > =20
> > +	sigset_t sigmask;
> > +
> > +	sigemptyset(&sigmask);
> > +	sigprocmask(SIG_SETMASK, &sigmask, NULL);
> > +
> >  	block_signal_handler(SIGCHLD, SIG_BLOCK);
> > =20
> >  	if ((pid =3D fork()) < 0)
>=20
> Assuming it really should reset the signal mask (I don't have the context

Parent processes use signalfd(2) to handle signals and block those
signals before opening the signalfd.

% git grep -nF 'sigprocmask('                           =20
hasher-priv/caller_server.c:236:        sigprocmask(SIG_SETMASK, &mask, NUL=
L);
hasher-priv/chrootuid.c:140:    sigprocmask(SIG_SETMASK, &sigmask, NULL);
hasher-priv/hasher-privd.c:315: sigprocmask(SIG_SETMASK, &mask, NULL);
hasher-priv/signal.c:27:        if (sigprocmask(what, &set, 0) < 0)

> to say whether it should or not), looks like it should rather be written =
as
>=20
> 	block_signal_handler(SIGCHLD, SIG_SETMASK);
>=20
> instead of
>=20
> 	sigset_t sigmask;
> 	sigemptyset(&sigmask);
> 	sigprocmask(SIG_SETMASK, &sigmask, NULL);
> 	block_signal_handler(SIGCHLD, SIG_BLOCK);
>=20
> ?

I'd never seen a call like block_signal_handler(*, SIG_SETMASK)
in hasher-priv codebase at the time + I decided to make the patches as
non-intrusive to the unchanged part of the codebase as possible.
That's why I wrote this as is; I don't mind to change it, though.

--8/UNazY3TmBX8qB1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE56JD3UKTLEu/ddrm9dQjyAYL01AFAmGqMb0ACgkQ9dQjyAYL
01B6wA//brP4DBJIDxWHbNJNm2DIOH2Vhrna+0CaiYyXxkzYB95KsGYAt8Kddv9E
nOXuoQRv/cnHaY2RyQMnvz/SIHE6oXvQDG5GBXYtKXPeewVDWTMB+mRhTdIVTX9n
8K/sc34RtaNO30A0crfi+YHvTP8VJdWU3umfL8nD2zE2gLxa+3cR6Mq1aRgwedUZ
uc5zJrPuD+uzwr/ChCIOT04q6sTn7c1lkLrssdfBHOPgcCmZeEsXW6AjLwKTwjmj
guXRBRj5snOxbvZHRH9mc2MeUz8NRAMbEsZzlk35vhdW2e/W9OgQUDdP0Lb8eb2p
+ZYRENj7BQqWRLmgXpEZrMo7wpz6evCTkvVA9hVtNNLe3ddSBsZ9P/tptTkf777w
dLfA7glOn/Fq74JG5MymDWTnq4Tw5ufLXnD/Pju0mqHmlU6/LEAbk6BgwRMsvs5Z
wbgJ3zWwIo5PNbOxJZ7zjACMq8muivuLuOlFnr2c3BEgEKAlv8mhxurL8sNCf8VT
u8/q5dUZceoPoDtWIu+LL4f0W420i0V5lDD/4/cAhDFbwvCfTmd+lhq7i7B7WRz9
AV+m7tRjBQGcs0e146/20LFvU7rDnc81RNaxvDuIf3sDrr4vzlzOV5ycfZF/VtoX
37zxlJU33LnN/g/plSbTnqcOKnh0lyl5pxuq712fXK79mJ33rJc=
=eirN
-----END PGP SIGNATURE-----

--8/UNazY3TmBX8qB1--