[Bug libc/19144] New: daemon() fails to prevent reacquisition of controlling terminal

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug libc/19144] New: daemon() fails to prevent reacquisition of controlling terminal
@ 2015-10-16 19:23 mtk.manpages at gmail dot com
  2015-10-19  8:36 ` [Bug libc/19144] " fweimer at redhat dot com
  0 siblings, 1 reply; 2+ messages in thread
From: mtk.manpages at gmail dot com @ 2015-10-16 19:23 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=19144

            Bug ID: 19144
           Summary: daemon() fails to prevent reacquisition of controlling
                    terminal
           Product: glibc
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: mtk.manpages at gmail dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Created attachment 8726
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8726&action=edit
Test program for daemon.c

The glibc daemon() function has been taking from BSD, but Linux follows System
V semantics w.r.t. a session acquiring a controlling. The upshot is that after
calling a daemon() the process may inadvertently acquire a controlling
terminal. I just added the following text to the daemon(3) manual page:

       The GNU C library implementation of  this  function  was  taken
       from  BSD, and does not employ the double-fork technique (i.e.,
       fork(2), setsid(2), fork(2)) that is necessary to  ensure  that
       the resulting daemon process is not a session leader.  Instead,
       the resulting daemon is a session leader.  On systems that fol‐
       low  System  V  semantics (e.g., Linux), this means that if the
       daemon opens a terminal that is not already a controlling  ter‐
       minal  for  another  session,  then that terminal will inadver‐
       tently become the controlling terminal for the daemon.

That text highlights the required fix, which is the addition of the following
step after the call to setsid():

    if (fork())
        exit(0);

I have tested the current daemon implementation, and the caller of daemon can
indeed reacquire terminal, as shown in the following run:

$ alias dps='ps -o "pid ppid pgrp sid tty cmd" -C dtest'
$ sudo ./dtest /dev/tty5
hello
$ dps; sleep 10; dps
  PID  PPID  PGRP   SID TT       CMD
11084     1 11084 11084 ?        ./dtest /dev/tty5
  PID  PPID  PGRP   SID TT       CMD
11084     1 11084 11084 tty5     ./dtest /dev/tty5

Note that in the final line we can see that tty5 has become the controlling tty
of the process.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From glibc-bugs-return-30197-listarch-glibc-bugs=sources.redhat.com@sourceware.org Fri Oct 16 20:35:38 2015
Return-Path: <glibc-bugs-return-30197-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 122818 invoked by alias); 16 Oct 2015 20:35:38 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 122736 invoked by uid 48); 16 Oct 2015 20:35:34 -0000
From: "fweimer at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug network/12926] getaddrinfo()/make_request() may spin forever
Date: Fri, 16 Oct 2015 20:35:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Version: 2.13
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: fweimer at redhat dot com
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields: bug_status cc assigned_to
Message-ID: <bug-12926-131-FZ5f9kkRo0@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-12926-131@http.sourceware.org/bugzilla/>
References: <bug-12926-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-10/txt/msg00234.txt.bz2
Content-length: 1000

https://sourceware.org/bugzilla/show_bug.cgi?id\x12926

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED
                 CC|                            |fweimer at redhat dot com
           Assignee|drepper.fsp at gmail dot com       |fweimer at redhat dot com

--- Comment #9 from Florian Weimer <fweimer at redhat dot com> ---
There are several other places which use < 0 instead of <= 0, so commit
fda389c8f0311dd5786be91a7b54b9f935fcafa1 may be incomplete.  I will also get
clarification if netlink responses from the kernel can get lost.

We might also simplify the netlink processing logic a bit because kernel
messages can no longer be spoofed due to this kernel fix:

http://marc.info/?l=linux-netdev&m\x134572386125610

--
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug libc/19144] daemon() fails to prevent reacquisition of controlling terminal
  2015-10-16 19:23 [Bug libc/19144] New: daemon() fails to prevent reacquisition of controlling terminal mtk.manpages at gmail dot com
@ 2015-10-19  8:36 ` fweimer at redhat dot com
  0 siblings, 0 replies; 2+ messages in thread
From: fweimer at redhat dot com @ 2015-10-19  8:36 UTC (permalink / raw)
  To: glibc-bugs

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="UTF-8", Size: 4785 bytes --]

https://sourceware.org/bugzilla/show_bug.cgi?id=19144

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
How risky is adding the second fork?  Would it otherwise change behavior?

By the way, the manual daemon(3) manual page talks about the â€œcalling process's
current working directoryâ€.  I think this is misleading because the function
exits the calling process before changing the current directory.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From glibc-bugs-return-30217-listarch-glibc-bugs=sources.redhat.com@sourceware.org Mon Oct 19 09:51:20 2015
Return-Path: <glibc-bugs-return-30217-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 17137 invoked by alias); 19 Oct 2015 09:51:20 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 17057 invoked by uid 55); 19 Oct 2015 09:51:16 -0000
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/18032] buffer overflow (read past end of buffer) in internal_fnmatch
Date: Mon, 19 Oct 2015 09:51:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.21
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: 2.22
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Message-ID: <bug-18032-131-JpR4oaMeMo@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-18032-131@http.sourceware.org/bugzilla/>
References: <bug-18032-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-10/txt/msg00254.txt.bz2
Content-length: 1974

https://sourceware.org/bugzilla/show_bug.cgi?id\x18032

--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.19/master has been updated
       via  012adb33827608d3b78e3832a1948b468b549946 (commit)
       via  fc843f6e48737d3d6690c5cf355d9719274efee1 (commit)
      from  3fd498242948b1fa944c56646ec9b156387dd310 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h\x012adb33827608d3b78e3832a1948b468b549946

commit 012adb33827608d3b78e3832a1948b468b549946
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Sun Feb 22 12:01:47 2015 -0800

    Fix BZ #17269 -- _IO_wstr_overflow integer overflow

    (cherry picked from commit bdf1ff052a8e23d637f2c838fa5642d78fcedc33)

    Conflicts:
        ChangeLog
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;hü843f6e48737d3d6690c5cf355d9719274efee1

commit fc843f6e48737d3d6690c5cf355d9719274efee1
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Feb 26 14:55:24 2015 +0100

    Fix read past end of pattern in fnmatch (bug 18032)

    (cherry picked from commit 4a28f4d55a6cc33474c0792fe93b5942d81bf185)

    Conflicts:
        ChangeLog
        NEWS

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |   12 ++++++++++++
 NEWS                 |    2 +-
 libio/wstrops.c      |    8 +++++++-
 posix/fnmatch_loop.c |    5 ++---
 4 files changed, 22 insertions(+), 5 deletions(-)

--
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-10-19  8:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-16 19:23 [Bug libc/19144] New: daemon() fails to prevent reacquisition of controlling terminal mtk.manpages at gmail dot com
2015-10-19  8:36 ` [Bug libc/19144] " fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).