d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

auditd(8): register signal handlers interrutibly

Browse Source 
auditd_wait_for_events() relies on read(2) being interrupted by signals,
but it registers signal handlers with signal(3), which sets SA_RESTART.
That breaks asynchronous signal handling. It means that signals don't
actually get handled until after an audit(8) trigger is received.
Symptoms include:

* Sending SIGTERM to auditd doesn't kill it right away; you must send
  SIGTERM and then send a trigger with auditon(2).
* Same with SIGHUP
* Zombie child processes don't get reaped until auditd receives a trigger
  sent by auditon. This includes children created by expiring audit trails
  at auditd startup.

Fix by using sigaction(2) instead of signal(3).

Cherry pick https://github.com/openbsm/openbsm/commit/d060887

PR:		229381
Reviewed by:	cem
Obtained from:	OpenBSM
MFC after:	2 weeks
Differential Revision:	https://github.com/openbsm/openbsm/pull/36
This commit is contained in:
asomers 2018-07-03 17:37:16 +00:00
parent 0b35e16c23
commit 726c74451f
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
contrib/openbsm/bin/auditd/auditd.c
View File

@ -415,27 +415,35 @@ close_all(void)
static int
register_daemon(void)
{
struct sigaction action;
FILE * pidfile;
int fd;
pid_t pid;
/* Set up the signal hander. */
if (signal(SIGTERM, auditd_relay_signal) == SIG_ERR) {
action.sa_handler = auditd_relay_signal;
/*
* sa_flags must not include SA_RESTART, so that read(2) will be
* interruptible in auditd_wait_for_events
*/
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
if (sigaction(SIGTERM, &action, NULL) != 0) {
auditd_log_err(
"Could not set signal handler for SIGTERM");
fail_exit();
}
if (signal(SIGCHLD, auditd_relay_signal) == SIG_ERR) {
if (sigaction(SIGCHLD, &action, NULL) != 0) {
auditd_log_err(
"Could not set signal handler for SIGCHLD");
fail_exit();
}
if (signal(SIGHUP, auditd_relay_signal) == SIG_ERR) {
if (sigaction(SIGHUP, &action, NULL) != 0) {
auditd_log_err(
"Could not set signal handler for SIGHUP");
fail_exit();
}
if (signal(SIGALRM, auditd_relay_signal) == SIG_ERR) {
if (sigaction(SIGALRM, &action, NULL) != 0) {
auditd_log_err(
"Could not set signal handler for SIGALRM");
fail_exit();