[sudo-users] [patch] sudo ignores signals from outside container

Maarten de Vries maarten at de-vri.es
Mon Aug 10 14:41:57 MDT 2015


Hello,

It would appear that sudo running inside a container ignores signals sent
from processes outside of the container. After stracing the sudo process
inside the container, this appears to be caused by the si_pid field of the
siginfo_t struct being set to 0. See the attachments for the strace output.

In exec.c there are some checks on handling signals to see if they're from
the same process group as sudo or the child with a check like this (the
pattern occurs twice in exec.c and once in exec_pty.c):

    if (s != SIGCHLD && USER_SIGNALED(info)) {
        pid_t si_pgrp = getpgid(info->si_pid);
        if (si_pgrp != (pid_t)-1) {
            if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
                return;
        } else if (info->si_pid == cmnd_pid) {
            return;
        }
    }

    // writing to signal pipe here


However, here info->si_pid is zero, and getpgid(0) returns the process
group of the current process, so it always matches ppgrp. I believe these
checks should be skipped for si_pid == 0. I attached a patch that makes sure
signals are not ignored if the si_pid field is set to 0.

Kind regards,
Maarten
-------------- next part --------------
# HG changeset patch
# User Maarten de Vries <maarten at de-vri.es>
# Date 1439238327 -7200
#      Mon Aug 10 22:25:27 2015 +0200
# Node ID fe9aab15c73cdf80a7e5b8a6b95ece9e78d87d74
# Parent  f5a94a3a119268cbaf64a52449b9967e17da62d5
Do not ignore signals with si_pid == 0.

diff -r f5a94a3a1192 -r fe9aab15c73c src/exec.c
--- a/src/exec.c	Mon Aug 10 10:56:47 2015 -0600
+++ b/src/exec.c	Mon Aug 10 22:25:27 2015 +0200
@@ -887,7 +887,7 @@
      * kill itself.  For example, this can happen with some versions of
      * reboot that call kill(-1, SIGTERM) to kill all other processes.
      */
-    if (s != SIGCHLD && USER_SIGNALED(info)) {
+    if (s != SIGCHLD && USER_SIGNALED(info) && info->si_pid != 0) {
 	pid_t si_pgrp = getpgid(info->si_pid);
 	if (si_pgrp != (pid_t)-1) {
 	    if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
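Review bot: the comment above the changed condition in this exec.c hunk still only covers the command signalling itself (the reboot / kill(-1, SIGTERM) case) and gives no reason for the new `info->si_pid != 0` term. Please extend that comment to say that a si_pid of 0 cannot be looked up, because getpgid(0) returns the caller's own process group and would always match ppgrp, so such signals are passed on rather than filtered. Without that, the extra term looks like an arbitrary special case to the next reader.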
@@ -945,7 +945,7 @@
      */
     if (!USER_SIGNALED(info))
 	return;
-    if ((si_pgrp = getpgid(info->si_pid)) != (pid_t)-1) {
+    if (info->si_pid != 0 && (si_pgrp = getpgid(info->si_pid)) != (pid_t)-1) {
 	if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
 	    return;
     } else if (info->si_pid == cmnd_pid) {
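Review bot: in the second exec.c hunk the si_pid test is folded into the `if` that also assigns si_pgrp, so when si_pid is 0 the condition short-circuits, si_pgrp is never assigned, and control falls into `else if (info->si_pid == cmnd_pid)`, which then compares 0 against cmnd_pid. That branch was written for the case where getpgid() fails, not for an unidentifiable sender, and it only behaves as intended as long as cmnd_pid is never 0 here. Handling si_pid == 0 explicitly before the getpgid() call, in the same way the other two sites guard the whole block, would keep the three checks consistent and avoid relying on that fall-through.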
diff -r f5a94a3a1192 -r fe9aab15c73c src/exec_pty.c
--- a/src/exec_pty.c	Mon Aug 10 10:56:47 2015 -0600
+++ b/src/exec_pty.c	Mon Aug 10 22:25:27 2015 +0200
@@ -135,7 +135,7 @@
      * itself.  This can happen with, e.g., BSD-derived versions of
      * reboot that call kill(-1, SIGTERM) to kill all other processes.
      */
-    if (s != SIGCHLD && USER_SIGNALED(info)) {
+    if (s != SIGCHLD && USER_SIGNALED(info) && info->si_pid != 0) {
 	pid_t si_pgrp = getpgid(info->si_pid);
 	if (si_pgrp != (pid_t)-1) {
 	    if (si_pgrp == cmnd_pgrp)
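Review bot: the condition `s != SIGCHLD && USER_SIGNALED(info) && info->si_pid != 0` in this exec_pty.c hunk is now an exact copy of the one changed in src/exec.c, and the same si_pid test appears a third time in a different form there. Consider moving the "is this sender identifiable" test into one shared macro or helper next to USER_SIGNALED, so that the rule for si_pid == 0 is defined and documented in a single place and a later change cannot update one site and miss the others.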
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kill-inside-container.strace
Type: application/octet-stream
Size: 1231 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-users/attachments/20150810/b553d8d0/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kill-outside-container.strace
Type: application/octet-stream
Size: 440 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-users/attachments/20150810/b553d8d0/attachment-0001.obj>
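
The failure mode described in the message above, as an added example that is not part of the original post or of sudo's source: the helper signal_is_dropped() and its skip_zero_pid flag are hypothetical, modelled on the quoted check, and assume the signal has already been classified as user-sent. It shows that getpgid(0) resolves to the caller's own process group, so a si_pid of 0 is always filtered by the original check and relayed with the guard.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for getpgid() under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper modelled on the check quoted in the post (not sudo's
 * code). Returns 1 if a user-sent signal would be dropped as coming from
 * our own process group or from the command, 0 if it would be relayed.
 * skip_zero_pid = 1 applies the patched rule: si_pid == 0 is never dropped.
 */
int signal_is_dropped(pid_t si_pid, pid_t ppgrp, pid_t cmnd_pid,
                      int skip_zero_pid)
{
    pid_t si_pgrp;

    if (skip_zero_pid && si_pid == 0)
        return 0;                   /* sender not identifiable: relay */
    si_pgrp = getpgid(si_pid);      /* getpgid(0) means "my own group" */
    if (si_pgrp != (pid_t)-1) {
        if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
            return 1;
    } else if (si_pid == cmnd_pid) {
        return 1;
    }
    return 0;
}

int main(void)
{
    pid_t ppgrp = getpgrp();        /* the group the filter compares against */
    pid_t cmnd_pid = ppgrp + 1;     /* constructed: any value != ppgrp */

    printf("getpgid(0)=%ld getpgrp()=%ld\n", (long)getpgid(0), (long)ppgrp);
    printf("si_pid=0, original check: dropped=%d\n",
           signal_is_dropped(0, ppgrp, cmnd_pid, 0));
    printf("si_pid=0, patched check:  dropped=%d\n",
           signal_is_dropped(0, ppgrp, cmnd_pid, 1));
    printf("si_pid=self, patched check: dropped=%d\n",
           signal_is_dropped(getpid(), ppgrp, cmnd_pid, 1));
    return 0;
}
```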

