[PATCH] casperd should detach from controlling session

Xin Li delphij at delphij.net
Thu Mar 13 21:08:37 UTC 2014


Hi, Pawel,

I have noticed that casperd's child (zygote) would still use the
controlling session from the parent.  This can be observed by running ps
-ax on systems running casperd, where the child has a spurious
console associated.

The attached patch would fix it.  May I commit it against -HEAD?

By the way, the zygote child also closes file descriptor 4 twice
(harmless; it's either sp[0] or the /dev/null which is closed before
starting zygote_main, or before returning from stdnull()).  Based on
the construct of the code, I believe both close() calls can be omitted.  If
this makes sense I'll submit a new patch.

Cheers,
-- 
Xin LI <delphij at delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-------------- next part --------------
Index: sbin/casperd/zygote.c
===================================================================
--- sbin/casperd/zygote.c	(revision 263112)
+++ sbin/casperd/zygote.c	(working copy)
@@ -63,6 +63,9 @@ stdnull(void)
 	if (fd == -1)
 		errx(1, "Unable to open %s", _PATH_DEVNULL);
 
+	if (setsid() == -1)
+		errx(1, "Unable to detach from session");
+
 	if (dup2(fd, STDIN_FILENO) == -1)
 		errx(1, "Unable to cover stdin");
 	if (dup2(fd, STDOUT_FILENO) == -1)
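
Review bot: the new setsid() failure path in the added lines reports through errx(), which drops errno, so a failure such as EPERM (setsid() returns that when the caller is already a process group leader) would surface only as "Unable to detach from session". Consider err(1, ...) for this check so the cause is logged, even though the neighbouring open() and dup2() checks use errx(). It would also help to add a short comment, or make the call in the caller before stdnull(), because the function name suggests it only redirects the standard descriptors and a session change is an unexpected side effect for anyone reading the call site.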

