Your message dated Sun, 18 Sep 2011 08:57:18 -0600
with message-id <[email protected]>
and subject line Re: Bug#614728: sudo: unsafe SIGCHLD catching code
has caused the Debian Bug report #614728,
regarding sudo: unsafe SIGCHLD catching code
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
614728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Version: 1.7.4p6-1
Severity: normal
Hello,
I've noticed that sudo uses unsafe SIGCHLD catching code in exec.c:

    sig_atomic_t recvsig[NSIG];

    int
    sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode)
    {
        ...
        sa.sa_flags = SA_INTERRUPT;
        sa.sa_handler = handler;
        sigaction(SIGCHLD, &sa, NULL);
        for (;;) {
            ...
            if (recvsig[SIGCHLD])
                continue;
            nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);
            ...
        }
        ...
    }

    void
    handler(s)
        int s;
    {
        recvsig[s] = TRUE;
    }

Firstly, sig_atomic_t is indeed needed to get atomicity of update in the
recvsig array, but that is not sufficient to make sure that the C
compiler will not optimize tests away, see for instance:

    #include <signal.h>
    sig_atomic_t i;
    int main(void) {
        while (i);
    }

compile with -O3, and see that gcc optimizes into
0x00000000004004aa <+10>: jmp 0x4004aa <main+10>
The volatile qualifier needs to be added too.
Secondly, the SIGCHLD signal can be delivered between the
recvsig[SIGCHLD] test and blocking inside select. This is a very tiny
window, but it still exists. The signals should be blocked and pselect
be used instead to atomically unblock the signals and block waiting for
them.
As a side note, a SOCK_DGRAM socketpair is used. It is worth noting
that such sockets do not detect an EOF condition.
Samuel
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sudo depends on:
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libpam-modules 1.1.1-6.1 Pluggable Authentication Modules f
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
sudo recommends no packages.
sudo suggests no packages.
-- Configuration Files:
/etc/sudoers [Errno 13] Permission non accordée: u'/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission non accordée:
u'/etc/sudoers.d/README'
-- no debconf information
--
Samuel Thibault <[email protected]>
The only "intuitive" interface is the nipple. After that, it's all learned.
(Bruce Ediger, [email protected], in comp.os.linux.misc, on X interfaces.)
--- End Message ---
--- Begin Message ---
On Sat, 17 Sep 2011 09:34:35 -0400, "Todd C. Miller"
<[email protected]> wrote:
> This was fixed in sudo 1.7.5; sudo now uses the "self pipe trick"
> which solves both problems.
Thanks!
Bdale
--- End Message ---