diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2021-02-11 17:38:53 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2021-02-11 17:38:53 +0000 |
| commit | c0e09dfe5ff3630f914f1008941a1cfdacbd3db2 (patch) | |
| tree | fbd1629012b6c6d1ec11c32b8010814616e6eae8 | |
| parent | 4d157070b438574bb7c5c30cb62a135f056b4289 (diff) | |
| download | s6-c0e09dfe5ff3630f914f1008941a1cfdacbd3db2.tar.xz | |
bugfix: unignore SIGPIPE before execing a user-controlled process
| -rw-r--r-- | src/conn-tools/s6-ipcserverd.c | 1 | ||||
| -rw-r--r-- | src/pipe-tools/s6-ftrig-listen.c | 4 | ||||
| -rw-r--r-- | src/pipe-tools/s6-ftrig-listen1.c | 7 | ||||
| -rw-r--r-- | src/supervision/s6-supervise.c | 2 | ||||
| -rw-r--r-- | src/supervision/s6-svlisten.c | 4 | ||||
| -rw-r--r-- | src/supervision/s6-svlisten1.c | 6 | ||||
| -rw-r--r-- | src/supervision/s6-svwait.c | 5 |
7 files changed, 26 insertions, 3 deletions
diff --git a/src/conn-tools/s6-ipcserverd.c b/src/conn-tools/s6-ipcserverd.c index 6a8f84e..1c834e5 100644 --- a/src/conn-tools/s6-ipcserverd.c +++ b/src/conn-tools/s6-ipcserverd.c @@ -286,6 +286,7 @@ static void new_connection (int s, char const *remotepath, char const *const *ar else if (!pid) { selfpipe_finish() ; + sig_restore(SIGPIPE) ; run_child(s, uid, gid, num+1, remotepath, argv) ; } diff --git a/src/pipe-tools/s6-ftrig-listen.c b/src/pipe-tools/s6-ftrig-listen.c index d9c4b53..c6c105f 100644 --- a/src/pipe-tools/s6-ftrig-listen.c +++ b/src/pipe-tools/s6-ftrig-listen.c @@ -66,7 +66,7 @@ int main (int argc, char const **argv, char const *const *envp) x[0].fd = selfpipe_init() ; if (x[0].fd < 0) strerr_diefu1sys(111, "selfpipe_init") ; if (selfpipe_trap(SIGCHLD) < 0) strerr_diefu1sys(111, "selfpipe_trap") ; - if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "sig_ignore") ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; if (!ftrigr_startf_g(&a, &deadline)) strerr_diefu1sys(111, "ftrigr_startf") ; x[1].fd = ftrigr_fd(&a) ; @@ -81,8 +81,10 @@ int main (int argc, char const **argv, char const *const *envp) if (!ids[i]) strerr_diefu4sys(111, "subscribe to ", argv[i<<1], " with regexp ", argv[(i<<1)+1]) ; } + sig_restore(SIGPIPE) ; pid = child_spawn0(argv[argc1 + 1], argv + argc1 + 1, envp) ; if (!pid) strerr_diefu2sys(111, "spawn ", argv[argc1 + 1]) ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; for (;;) { diff --git a/src/pipe-tools/s6-ftrig-listen1.c b/src/pipe-tools/s6-ftrig-listen1.c index b04808c..ecb7593 100644 --- a/src/pipe-tools/s6-ftrig-listen1.c +++ b/src/pipe-tools/s6-ftrig-listen1.c @@ -4,6 +4,7 @@ #include <errno.h> #include <signal.h> #include <unistd.h> + #include <skalibs/sgetopt.h> #include <skalibs/types.h> #include <skalibs/allreadwrite.h> @@ -13,6 +14,7 @@ #include <skalibs/djbunix.h> #include <skalibs/sig.h> #include <skalibs/selfpipe.h> + #include <s6/ftrigr.h> #define USAGE "s6-ftrig-listen1 [ -t timeout ] fifodir regexp prog..." @@ -57,7 +59,7 @@ int main (int argc, char const *const *argv, char const *const *envp) tain_now_set_stopwatch_g() ; tain_add_g(&deadline, &tto) ; - + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "sig_ignore") ; if (!ftrigr_startf_g(&a, &deadline)) strerr_diefu1sys(111, "ftrigr_startf") ; id = ftrigr_subscribe_g(&a, argv[0], argv[1], 0, &deadline) ; if (!id) strerr_diefu4sys(111, "subscribe to ", argv[0], " with regexp ", argv[1]) ; @@ -65,11 +67,12 @@ int main (int argc, char const *const *argv, char const *const *envp) x[0].fd = selfpipe_init() ; if (x[0].fd < 0) strerr_diefu1sys(111, "selfpipe_init") ; if (selfpipe_trap(SIGCHLD) < 0) strerr_diefu1sys(111, "selfpipe_trap") ; - if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "sig_ignore") ; x[1].fd = ftrigr_fd(&a) ; + sig_restore(SIGPIPE) ; pid = child_spawn0(argv[2], argv+2, envp) ; if (!pid) strerr_diefu2sys(111, "spawn ", argv[2]) ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "sig_ignore") ; for (;;) { diff --git a/src/supervision/s6-supervise.c b/src/supervision/s6-supervise.c index a175f0a..bda8e52 100644 --- a/src/supervision/s6-supervise.c +++ b/src/supervision/s6-supervise.c @@ -268,6 +268,7 @@ static void trystart (void) char const *cargv[2] = { "run", 0 } ; PROG = "s6-supervise (child)" ; selfpipe_finish() ; + sig_restore(SIGPIPE) ; if (notifyp[0] >= 0) close(notifyp[0]) ; close(p[0]) ; if (notifyp[1] >= 0 && fd_move((int)fd, notifyp[1]) < 0) @@ -391,6 +392,7 @@ static int uplastup_z (void) char fmt1[UINT_FMT] ; char *cargv[4] = { "finish", fmt0, fmt1, 0 } ; selfpipe_finish() ; + sig_restore(SIGPIPE) ; fmt0[uint_fmt(fmt0, WIFSIGNALED(status.wstat) ? 256 : WEXITSTATUS(status.wstat))] = 0 ; fmt1[uint_fmt(fmt1, WTERMSIG(status.wstat))] = 0 ; setsid() ; diff --git a/src/supervision/s6-svlisten.c b/src/supervision/s6-svlisten.c index 1364b44..1a25c54 100644 --- a/src/supervision/s6-svlisten.c +++ b/src/supervision/s6-svlisten.c @@ -1,10 +1,12 @@ /* ISC license. */ #include <stdint.h> +#include <signal.h> #include <skalibs/sgetopt.h> #include <skalibs/types.h> #include <skalibs/bitarray.h> +#include <skalibs/sig.h> #include <skalibs/tai.h> #include <skalibs/strerr2.h> #include <skalibs/djbunix.h> @@ -69,8 +71,10 @@ int main (int argc, char const **argv, char const *const *envp) unsigned char upstate[bitarray_div8(argc1)] ; unsigned char readystate[bitarray_div8(argc1)] ; s6_svlisten_init(argc1, argv, &foo, ids, upstate, readystate, &deadline) ; + sig_restore(SIGPIPE) ; pid = child_spawn0(argv[argc1 + 1], argv + argc1 + 1, envp) ; if (!pid) strerr_diefu2sys(111, "spawn ", argv[argc1 + 1]) ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; if (wantrestart) s6_svlisten_loop(&foo, 0, 1, or, &deadline, spfd, &s6_svlisten_signal_handler) ; e = s6_svlisten_loop(&foo, wantup, wantready, or, &deadline, spfd, &s6_svlisten_signal_handler) ; if (e < 0) strerr_dief1x(102, "supervisor died") ; diff --git a/src/supervision/s6-svlisten1.c b/src/supervision/s6-svlisten1.c index eaad48c..b0d5dd8 100644 --- a/src/supervision/s6-svlisten1.c +++ b/src/supervision/s6-svlisten1.c @@ -1,11 +1,15 @@ /* ISC license. */ #include <stdint.h> +#include <signal.h> + #include <skalibs/sgetopt.h> #include <skalibs/types.h> +#include <skalibs/sig.h> #include <skalibs/tai.h> #include <skalibs/strerr2.h> #include <skalibs/djbunix.h> + #include "s6-svlisten.h" #define USAGE "s6-svlisten1 [ -U | -u | -d | -D | -r | -R ] [ -t timeout ] servicedir prog..." @@ -49,8 +53,10 @@ int main (int argc, char const *const *argv, char const *const *envp) tain_add_g(&deadline, &tto) ; spfd = s6_svlisten_selfpipe_init() ; s6_svlisten_init(1, argv, &foo, &id, &upstate, &readystate, &deadline) ; + sig_restore(SIGPIPE) ; pid = child_spawn0(argv[1], argv + 1, envp) ; if (!pid) strerr_diefu2sys(111, "spawn ", argv[1]) ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; if (wantrestart) s6_svlisten_loop(&foo, 0, 1, 1, &deadline, spfd, &s6_svlisten_signal_handler) ; e = s6_svlisten_loop(&foo, wantup, wantready, 1, &deadline, spfd, &s6_svlisten_signal_handler) ; if (e < 0) strerr_dief1x(102, "supervisor died") ; diff --git a/src/supervision/s6-svwait.c b/src/supervision/s6-svwait.c index 2fc8fcb..87b9fde 100644 --- a/src/supervision/s6-svwait.c +++ b/src/supervision/s6-svwait.c @@ -1,11 +1,15 @@ /* ISC license. */ #include <stdint.h> +#include <signal.h> + #include <skalibs/sgetopt.h> #include <skalibs/types.h> #include <skalibs/bitarray.h> +#include <skalibs/sig.h> #include <skalibs/tai.h> #include <skalibs/strerr2.h> + #include "s6-svlisten.h" #define USAGE "s6-svwait [ -U | -u | -d | -D ] [ -a | -o ] [ -t timeout ] servicedir..." @@ -50,6 +54,7 @@ int main (int argc, char const *const *argv) uint16_t ids[argc] ; unsigned char upstate[bitarray_div8(argc)] ; unsigned char readystate[bitarray_div8(argc)] ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; s6_svlisten_init(argc, argv, &foo, ids, upstate, readystate, &deadline) ; e = s6_svlisten_loop(&foo, wantup, wantready, or, &deadline, -1, 0) ; if (e < 0) strerr_dief1x(102, "supervisor died") ; |