Changeset 23356

Timestamp:

09/05/07 11:20:21 (15 months ago)

Author:

zarzycki@…

Message:

<rdar://problem/5461936> signal handling bugs found during code audit

SIGTERM might be ignored for a tiny window post fork() and pre execve() in the child.

SIGTERM might be ignored for a tiny window of launchd's initialization of itself.

Location:

trunk/launchd/src

Files:

• launchd.c (modified) (4 diffs)
• launchd_core_logic.c (modified) (1 diff)
• launchd_runtime.c (modified) (5 diffs)
• launchd_runtime.h (modified) (1 diff)

trunk/launchd/src/launchd.c

@@ -107 +107 @@
 main(int argc, char *const *argv)
 {
-        static const int sigigns[] = { SIGHUP, SIGINT, SIGPIPE, SIGALRM,
-                SIGTERM, SIGURG, SIGTSTP, SIGTSTP, SIGCONT, SIGTTIN,
-                SIGTTOU, SIGIO, SIGXCPU, SIGXFSZ, SIGVTALRM, SIGPROF,
-                SIGWINCH, SIGINFO, SIGUSR1, SIGUSR2
-        };
         bool sflag = false;
-        size_t i;
         int ch;
 
@@ -137 +131 @@
         launchd_runtime_init();
 
-        for (i = 0; i < (sizeof(sigigns) / sizeof(int)); i++) {
-                launchd_assumes(signal(sigigns[i], SIG_IGN) != SIG_ERR);
-        }
-
         if (NULL == getenv("PATH")) {
                 setenv("PATH", _PATH_STDPATH, 1);
@@ -153 +143 @@
         monitor_networking_state();
 
-
         if (getpid() == 1) {
                 handle_pid1_crashes_separately();
@@ -159 +148 @@
 
         jobmgr_init(sflag);
+
+        launchd_runtime_init2();
 
         launchd_runtime();

trunk/launchd/src/launchd_core_logic.c

@@ -2483 +2483 @@
         }
 
-        for (i = 1; i < NSIG; i++) {
-                signal(i, SIG_DFL);
-        }
-
         if (j->quarantine_data) {
                 qtn_proc_t qp;

trunk/launchd/src/launchd_runtime.c

@@ -55 +55 @@
 #include <stdbool.h>
 #include <syslog.h>
+#include <signal.h>
 #include <dlfcn.h>
 
@@ -106 +107 @@
 static void logmsg_remove(struct logmsg_s *lm);
 
+
+static const int sigigns[] = { SIGHUP, SIGINT, SIGPIPE, SIGALRM, SIGTERM,
+        SIGURG, SIGTSTP, SIGTSTP, SIGCONT, SIGTTIN, SIGTTOU, SIGIO, SIGXCPU,
+        SIGXFSZ, SIGVTALRM, SIGPROF, SIGWINCH, SIGINFO, SIGUSR1, SIGUSR2
+};
+static sigset_t sigign_set;
+
 void
 launchd_runtime_init(void)
@@ -142 +150 @@
         runtime_openlog(getprogname(), LOG_PID|LOG_CONS, LOG_LAUNCHD);
         runtime_setlogmask(LOG_UPTO(/* LOG_DEBUG */ LOG_NOTICE));
+}
+
+void
+launchd_runtime_init2(void)
+{
+        size_t i;
+
+        for (i = 0; i < (sizeof(sigigns) / sizeof(int)); i++) {
+                sigaddset(&sigign_set, sigigns[i]);
+                launchd_assumes(signal(sigigns[i], SIG_IGN) != SIG_ERR);
+        }
 }
 
@@ -584 +603 @@
 runtime_fork(mach_port_t bsport)
 {
+        sigset_t emptyset, oset;
         pid_t r = -1;
         int saved_errno;
+        size_t i;
+
+        sigemptyset(&emptyset);
 
         launchd_assumes(launchd_mport_make_send(bsport) == KERN_SUCCESS);
@@ -591 +614 @@
         launchd_assumes(launchd_mport_deallocate(bsport) == KERN_SUCCESS);
 
+        launchd_assumes(sigprocmask(SIG_BLOCK, &sigign_set, &oset) != -1);
+        for (i = 0; i < (sizeof(sigigns) / sizeof(int)); i++) {
+                launchd_assumes(signal(sigigns[i], SIG_DFL) != SIG_ERR);
+        }
+
         r = fork();
-
         saved_errno = errno;
 
         if (r != 0) {
+                for (i = 0; i < (sizeof(sigigns) / sizeof(int)); i++) {
+                        launchd_assumes(signal(sigigns[i], SIG_IGN) != SIG_ERR);
+                }
+                launchd_assumes(sigprocmask(SIG_SETMASK, &oset, NULL) != -1);
                 launchd_assumes(launchd_set_bport(MACH_PORT_NULL) == KERN_SUCCESS);
+        } else {
+                launchd_assumes(sigprocmask(SIG_SETMASK, &emptyset, NULL) != -1);
         }
 

trunk/launchd/src/launchd_runtime.h

@@ -58 +58 @@
 
 void launchd_runtime_init(void);
+void launchd_runtime_init2(void);
 void launchd_runtime(void) __attribute__((noreturn));