Bug#614728: sudo: unsafe SIGCHLD catching code

2011-10-05 Thread Ed Schouten 
Hi,

Even though it has been fixed in 1.7.5, when can we expect a fix for
this to land in Debian Squeeze?

Thanks,
-- 
 Ed Schouten e...@80386.nl
 WWW: http://80386.nl/


pgpJu8XGStGwg.pgp
Description: PGP signature

Bug#614728: sudo: unsafe SIGCHLD catching code

2011-09-17 Thread Todd C. Miller 
This was fixed in sudo 1.7.5; sudo now uses the self pipe trick
which solves both problems.

 - todd



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#614728: sudo: unsafe SIGCHLD catching code

2011-02-22 Thread Samuel Thibault 
Package: sudo
Version: 1.7.4p6-1
Severity: normal

Hello,

I've noticed that sudo uses unsafe SIGCHLD catching code in exec.c:

sig_atomic_t recvsig[NSIG];

int
sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode)
{
...
sa.sa_flags = SA_INTERRUPT;
sa.sa_handler = handler;
sigaction(SIGCHLD, sa, NULL);

for (;;) {

...

if (recvsig[SIGCHLD])
continue;
nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);

...
}
...
}

void
handler(s)
int s;
{
recvsig[s] = TRUE;
}

Firstly, sig_atomic_t is indeed needed to get atomicity of update in the
recvsig array, but that is not sufficient to make sure that the C
compiler will not optimize tests away, see for instance:

#include signal.h
sig_atomic_t i;
int main(void ) {
while(i);
}

compile with -O3, and see that gcc optimizes into

   0x004004aa +10:jmp0x4004aa main+10

The volatile qualifier needs to be added too.

Secondly, the SIGCHLD signal can be delivered between the
recvsig[SIGCHLD] test and blocking inside select. This is a very tiny
window, but it still exists. The signals should be blocked and pselect
be used instead to atomically unblock the signals and block waiting for
them.

As a side note, a SOCK_DGRAM socketpair is used.  It is worth noting
that such sockets do not detect an EOF condition.

Samuel

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo depends on:
ii  libc6 2.11.2-11  Embedded GNU C Library: Shared lib
ii  libpam-modules1.1.1-6.1  Pluggable Authentication Modules f
ii  libpam0g  1.1.1-6.1  Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Permission non accordée: u'/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission non accordée: 
u'/etc/sudoers.d/README'

-- no debconf information

-- 
Samuel Thibault samuel.thiba...@fnac.net
The only intuitive interface is the nipple. After that, it's all learned.
(Bruce Ediger, bedi...@teal.csn.org, in comp.os.linux.misc, on X interfaces.)



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org