ports/69385: dns/nsd: Changing signals used for bind8 stats

Wed Jul 21 17:10:14 UTC 2004

>Number:         69385
>Category:       ports
>Synopsis:       dns/nsd: Changing signals used for bind8 stats
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 21 17:10:13 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Olafur Osvaldsson
>Release:        FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
ISNIC
>Environment:
System: FreeBSD aker.isnic.is 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #6: Wed Mar 31 09:08:35 GMT 2004 oli at aker.isnic.is:/usr/obj/usr/src/sys/HP360 i386


	
>Description:
nsd is using SIGILL to determine if it should print out bind8 stats to the log.

This will not work if nsd is running as an unprivileged user.
	
>How-To-Repeat:
Make the port with WITH_BIND8_STATS, start as an unprivileged user and run
"kill -SIGILL `cat /var/run/nsd.pid`"
The prog will log the following to syslog:

nsd[66215]: problems killing 66219: Operation not permitted

66215 being the parent process and 66219 a child process.

	
>Fix:
SIGILL is not allowed for "tainted" processes so a non-restricted signal should be used.

I've contacted the developers and the patch attached is from them and will be included
in a future update.

The patch changes SIGILL to SIGUSR1.

--- nsd.diff begins here ---
diff -ruN nsd.orig/Makefile nsd/Makefile
--- nsd.orig/Makefile	Fri Jul  2 22:14:06 2004
+++ nsd/Makefile	Wed Jul 21 16:42:25 2004
@@ -7,6 +7,7 @@
 
 PORTNAME=	nsd
 PORTVERSION=	2.1.1
+PORTREVISION=	1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.nlnetlabs.nl/downloads/nsd/	\
 		ftp://ftp.rhnet.is/pub/nsd/
diff -ruN nsd.orig/files/patch-aa nsd/files/patch-aa
--- nsd.orig/files/patch-aa	Thu Jan  1 00:00:00 1970
+++ nsd/files/patch-aa	Wed Jul 21 16:51:09 2004
@@ -0,0 +1,110 @@
+Index: nsd.8
+===================================================================
+RCS file: /cvs/nsd/nsd.8,v
+retrieving revision 1.28
+retrieving revision 1.28.2.1
+diff -u -r1.28 -r1.28.2.1
+--- nsd.8	22 Apr 2004 13:23:05 -0000	1.28
++++ nsd.8	21 Jul 2004 16:31:50 -0000	1.28.2.1
+@@ -158,7 +158,7 @@
+ .Ar seconds
+ seconds.
+ This is equal to sending
+-.Em SIGILL
++.Em SIGUSR1
+ to the daemon periodically.
+ 
+ .It Fl t Ar chroot
+@@ -208,7 +208,7 @@
+ Stop answering queries, shutdown, and exit normally.
+ .It Dv SIGHUP
+ Reload the database.
+-.It Dv SIGILL
++.It Dv SIGUSR1
+ Dump BIND8-style statistics into the log. Ignored otherwise.
+ .El
+ .\" .Sh IMPLEMENTATION NOTES
+Index: nsd.c
+===================================================================
+RCS file: /cvs/nsd/nsd.c,v
+retrieving revision 1.105
+retrieving revision 1.105.2.1
+diff -u -r1.105 -r1.105.2.1
+--- nsd.c	22 Apr 2004 13:23:06 -0000	1.105
++++ nsd.c	21 Jul 2004 16:31:54 -0000	1.105.2.1
+@@ -218,6 +218,7 @@
+ 			nsd.mode = NSD_QUIT;
+ 			break;
+ 		case SIGILL:
++		case SIGUSR1:	/* Dump stats on SIGUSR1.  */
+ 			nsd.mode = NSD_STATS;
+ 			break;
+ 		default:
+@@ -237,8 +238,17 @@
+ #ifdef BIND8_STATS
+ 		alarm(nsd.st.period);
+ #endif
+-		sig = SIGILL;
++		sig = SIGUSR1;
++		break;
+ 	case SIGILL:
++		/*
++		 * For backwards compatibility with BIND 8 and older
++		 * versions of NSD.
++		 */
++		sig = SIGUSR1;
++		break;
++	case SIGUSR1:
++		/* Dump statistics.  */
+ 		break;
+ 	case SIGINT:
+ 		/* Silent shutdown... */
+@@ -248,6 +258,7 @@
+ 	default:
+ 		nsd.mode = NSD_SHUTDOWN;
+ 		log_msg(LOG_WARNING, "signal %d received, shutting down...", sig);
++		sig = SIGTERM;
+ 		break;
+ 	}
+ 
+@@ -724,6 +735,7 @@
+ 	sigaction(SIGHUP, &action, NULL);
+ 	sigaction(SIGINT, &action, NULL);
+ 	sigaction(SIGILL, &action, NULL);
++	sigaction(SIGUSR1, &action, NULL);
+ 	sigaction(SIGALRM, &action, NULL);
+ 	sigaction(SIGCHLD, &action, NULL);
+ 	action.sa_handler = SIG_IGN;
+Index: nsdc.sh.in
+===================================================================
+RCS file: /cvs/nsd/nsdc.sh.in,v
+retrieving revision 1.30
+retrieving revision 1.30.2.1
+diff -u -r1.30 -r1.30.2.1
+--- nsdc.sh.in	22 Apr 2004 13:39:47 -0000	1.30
++++ nsdc.sh.in	21 Jul 2004 16:31:56 -0000	1.30.2.1
+@@ -89,7 +89,7 @@
+ 	signal "TERM"
+ 	;;
+ stats)
+-	signal "ILL"
++	signal "USR1"
+ 	;;
+ reload)
+ 	signal "HUP"
+Index: server.c
+===================================================================
+RCS file: /cvs/nsd/server.c,v
+retrieving revision 1.123
+retrieving revision 1.123.2.1
+diff -u -r1.123 -r1.123.2.1
+--- server.c	12 May 2004 14:45:35 -0000	1.123
++++ server.c	21 Jul 2004 16:32:00 -0000	1.123.2.1
+@@ -623,6 +623,7 @@
+ 	sigemptyset(&block_sigmask);
+ 	sigaddset(&block_sigmask, SIGHUP);
+ 	sigaddset(&block_sigmask, SIGILL);
++	sigaddset(&block_sigmask, SIGUSR1);
+ 	sigaddset(&block_sigmask, SIGINT);
+ 	sigaddset(&block_sigmask, SIGTERM);
+ 	sigprocmask(SIG_BLOCK, &block_sigmask, &default_sigmask);
--- nsd.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

