Package: sudo
Version: 1.7.4p6-1
Severity: normal

Hello,

I've noticed that sudo uses unsafe SIGCHLD catching code in exec.c:

    sig_atomic_t recvsig[NSIG];

    int
    sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode)
    {
        ...
        sa.sa_flags = SA_INTERRUPT;
        sa.sa_handler = handler;
        sigaction(SIGCHLD, &sa, NULL);

        for (;;) {
            ...
            if (recvsig[SIGCHLD])
                continue;
            nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);
            ...
        }
        ...
    }

    void
    handler(s)
        int s;
    {
        recvsig[s] = TRUE;
    }

Firstly, sig_atomic_t is indeed needed to get atomicity of update in the
recvsig array, but that is not sufficient to make sure that the C
compiler will not optimize tests away, see for instance:

    #include <signal.h>
    sig_atomic_t i;
    int main(void ) {
        while(i);
    }

compile with -O3, and see that gcc optimizes into

    0x00000000004004aa <+10>: jmp 0x4004aa <main+10>

The volatile qualifier needs to be added too.

Secondly, the SIGCHLD signal can be delivered between the
recvsig[SIGCHLD] test and blocking inside select. This is a very tiny
window, but it still exists. The signals should be blocked and pselect
be used instead to atomically unblock the signals and block waiting for
them.

As a side note, a SOCK_DGRAM socketpair is used. It is worth noting that
such sockets do not detect an EOF condition.

Samuel

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo depends on:
ii  libc6            2.11.2-11  Embedded GNU C Library: Shared lib
ii  libpam-modules   1.1.1-6.1  Pluggable Authentication Modules f
ii  libpam0g         1.1.1-6.1  Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Permission non accordée: u'/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission non accordée: u'/etc/sudoers.d/README'

-- no debconf information

-- 
Samuel Thibault <samuel.thiba...@fnac.net>
The only "intuitive" interface is the nipple. After that, it's all learned.
(Bruce Ediger, bedi...@teal.csn.org, in comp.os.linux.misc, on X interfaces.)
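
The pattern the report recommends (a volatile sig_atomic_t flag, SIGCHLD blocked around the test, and pselect unblocking it atomically), shown as an added example that is not part of the original report and is not sudo's code. The names got_sigchld, on_sigchld and wait_child_race_free are hypothetical, and the child is made to exit before the wait starts so that the signal arrives inside the window described above.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/select.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* volatile forces a real load on every test; sig_atomic_t keeps the store atomic. */
static volatile sig_atomic_t got_sigchld;

static void on_sigchld(int signo) { (void)signo; got_sigchld = 1; }

/* Returns the child's exit code, -1 on error, -2 if the wakeup was missed (guard timeout). */
int wait_child_race_free(int child_exit_code)
{
    struct sigaction sa;
    sigset_t block, orig, wait_mask;
    struct timespec guard = { 5, 0 }, nap = { 0, 100000000L };
    int status, n;
    pid_t pid;

    got_sigchld = 0;
    sa.sa_handler = on_sigchld;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGCHLD, &sa, NULL) == -1) return -1;

    /* Block SIGCHLD so it cannot be delivered between the flag test and the wait. */
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    if (sigprocmask(SIG_BLOCK, &block, &orig) == -1) return -1;
    wait_mask = orig;
    sigdelset(&wait_mask, SIGCHLD);   /* mask in effect only inside pselect */

    if ((pid = fork()) == -1) return -1;
    if (pid == 0) _exit(child_exit_code);
    nanosleep(&nap, NULL);            /* child has exited: SIGCHLD is pending, not lost */

    while (!got_sigchld) {
        /* Atomically unblock SIGCHLD and sleep; a pending signal gives EINTR at once. */
        n = pselect(0, NULL, NULL, NULL, &guard, &wait_mask);
        if (n == 0 || (n == -1 && errno != EINTR)) return n == 0 ? -2 : -1;
    }
    sigprocmask(SIG_SETMASK, &orig, NULL);
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

With a plain select() and an unblocked signal, a SIGCHLD arriving just after the flag test would leave the loop asleep until some descriptor became ready; here the 5-second guard timeout exists only to make such a missed wakeup visible as -2.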