[BUG] race condition in gradm

Postby voron » Mon Mar 10, 2008 6:31 am

from gradm_adm.c
Code:
#include <signal.h>
#include <stdlib.h>
#include <unistd.h>

static void ipc_sig(int sig)
{
        signal(sig, SIG_IGN);

        return;
}

void start_grlearn(char *logfile)
{
        pid_t pid;

        signal(SIGUSR1, ipc_sig);

        pid = fork();

        if (!pid) {
                execl(GRLEARN_PATH, GRLEARN_PATH, logfile, NULL);
                exit(EXIT_FAILURE);
        } else if (pid > 0) {
                /* race window: SIGUSR1 may already have been handled here */
                pause(); // wait for child to send us SIGUSR1
        }

        return;
}
If SIGUSR1 is received by gradm from grlearn before pause() is called, gradm will lock up and wait forever. Here is some strace -r output for gradm, PID 16806:
Code:
     0.000048 open("/etc/grsec/pw", O_RDONLY) = 4
     0.000035 read(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 112) = 112
     0.000053 rt_sigaction(SIGUSR1, {0x8054230, [USR1], SA_RESTART}, {SIG_DFL}, 8) = 0
     0.000166 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xa648d708) = 16807
     0.000019 --- SIGUSR1 (User defined signal 1) @ 0 (0) ---
     0.000023 --- SIGCHLD (Child exited) @ 0 (0) ---
     0.000020 rt_sigaction(SIGUSR1, {SIG_IGN}, {0x8054230, [USR1], SA_RESTART}, 8) = 0
     0.000046 sigreturn()               = ? (mask now [])
     0.000061 pause() = ? ERESTARTNOHAND (To be restarted)
     0.000084 --- SIGINT (Interrupt) @ 0 (0) ---
     0.000017 pause()                   = ? ERESTARTNOHAND (To be restarted)
    10.971357 --- SIGTERM (Terminated) @ 0 (0) ---
     0.000023 pause()                   = ? ERESTARTNOHAND (To be restarted)
     3.328117 --- SIGTERM (Terminated) @ 0 (0) ---
     0.000023 pause(
and for the 2nd grlearn:
Code:
     0.000397 stat64("/etc/grsec/.grlearn.pid", {st_mode=S_IFREG|0600, st_size=4, ...}) = 0
     0.000134 open("/etc/grsec/.grlearn.pid", O_RDONLY) = 8
     0.000056 read(8, "\220A\0\0", 4)   = 4
     0.000042 close(8)                  = 0
     0.000034 unlink("/etc/grsec/.grlearn.pid") = 0
     0.000093 readlink("/proc/16784/exe", 0xb691de50, 4095) = -1 ENOENT (No such file or directory)
     0.000062 open("/etc/grsec/.grlearn.pid", O_WRONLY|O_CREAT|O_EXCL, 0600) = 8
     0.000055 write(8, "\250A\0\0", 4)  = 4
     0.000048 close(8)                  = 0
     0.000033 kill(16806, SIGUSR1)      = 0
     0.000029 close(0)                  = 0
     0.000025 close(1)                  = 0
     0.000025 close(2)                  = 0
     0.000031 poll([{fd=6, events=POLLIN}], 1, -1) = ? ERESTART_RESTARTBLOCK (To be restarted)
    14.497522 --- SIGINT (Interrupt) @ 0 (0) ---
     0.000011 restart_syscall(<... resuming interrupted call ...>
SIGINT and SIGTERM are my Ctrl+C in the console and kill from another console.
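The race described in the report (SIGUSR1 landing between signal() and pause(), after which pause() sleeps for a signal that has already been delivered) and the usual sigprocmask()/sigsuspend() fix, as an added example that is not gradm's code nor the fix committed to CVS. The child here is a stand-in for grlearn that signals its parent immediately, and wait_for_child_signal is a hypothetical name.

```c
/* Added example, not gradm's code. The race: SIGUSR1 can arrive between
 * signal() and pause(); the handler runs, then pause() sleeps forever.
 * Fix: block SIGUSR1 before fork(), then sigsuspend() restores the mask and
 * waits atomically, so an early signal stays pending and is delivered. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t got_usr1 = 0;
static void ipc_sig(int sig)
{
        (void)sig;
        got_usr1 = 1;                     /* record the signal, nothing else */
}

/* Parent forks a stand-in for grlearn that signals at once, i.e. the worst
 * case for the original code. Returns 1 if woken by SIGUSR1, 0 on failure. */
int wait_for_child_signal(void)
{
        sigset_t block, old, wait_mask;
        struct sigaction sa;
        pid_t pid;

        memset(&sa, 0, sizeof sa);
        sa.sa_handler = ipc_sig;
        sigaction(SIGUSR1, &sa, NULL);
        /* Block SIGUSR1 first: an early signal is held pending, not lost. */
        sigemptyset(&block);
        sigaddset(&block, SIGUSR1);
        sigprocmask(SIG_BLOCK, &block, &old);
        wait_mask = old;
        sigdelset(&wait_mask, SIGUSR1);   /* mask to wait with: USR1 open */

        got_usr1 = 0;
        pid = fork();
        if (pid < 0)
                return 0;
        if (pid == 0) {
                kill(getppid(), SIGUSR1); /* child: signal before parent waits */
                _exit(EXIT_SUCCESS);
        }
        while (!got_usr1)
                sigsuspend(&wait_mask);   /* unblock + sleep, atomically */
        sigprocmask(SIG_SETMASK, &old, NULL);
        waitpid(pid, NULL, 0);
        return got_usr1;
}
```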

Re: [BUG] race condition in gradm

Postby spender » Mon Mar 10, 2008 6:09 pm

Thanks for the nice report! I've fixed it in CVS.

-Brad
