auditd(8): register signal handlers interrutibly #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cemeyer
reviewed
Jun 28, 2018
bin/auditd/auditd.c
Outdated
| auditd_log_err( | ||
| "Could not set signal handler for SIGTERM"); | ||
| fail_exit(); | ||
| } | ||
| if (signal(SIGCHLD, auditd_relay_signal) == SIG_ERR) { | ||
| if (sigaction(SIGCHLD, &action, NULL)) { |
There was a problem hiding this comment.
Implicit treatment of integer return value as bool; instead, compare against 0? E.g., if (sigaction() != 0) or if (sigaction() < 0). (Same below.)
|
The revision looks good to me, but please squash the two commits together for merge. (I think you can just |
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Fixes openbsm#34
|
@cemeyer BTW, I think that you can squash them while merging as well using the GitHub interface. |
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this pull request
Jul 3, 2018
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM MFC after: 2 weeks Differential Revision: openbsm/openbsm#36 git-svn-id: svn+ssh://svn.freebsd.org/base/head@335899 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this pull request
Jul 3, 2018
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM MFC after: 2 weeks Differential Revision: openbsm/openbsm#36
mat813
pushed a commit
to mat813/freebsd
that referenced
this pull request
Jul 12, 2018
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM MFC after: 2 weeks Differential Revision: openbsm/openbsm#36 git-svn-id: https://svn.freebsd.org/base/head@335899 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
bdrewery
pushed a commit
to bdrewery/freebsd
that referenced
this pull request
Jul 16, 2018
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM MFC after: 2 weeks Differential Revision: openbsm/openbsm#36 git-svn-id: svn+ssh://svn.freebsd.org/base/head@335899 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this pull request
Aug 3, 2018
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this pull request
Aug 3, 2018
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
mat813
pushed a commit
to mat813/freebsd
that referenced
this pull request
Aug 13, 2018
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36 git-svn-id: https://svn.freebsd.org/base/stable/10@337257 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
mat813
pushed a commit
to mat813/freebsd
that referenced
this pull request
Aug 13, 2018
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36 git-svn-id: https://svn.freebsd.org/base/stable/11@337241 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
brooksdavis
pushed a commit
to CTSRD-CHERI/cheribsd
that referenced
this pull request
Sep 7, 2018
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM MFC after: 2 weeks Differential Revision: openbsm/openbsm#36
dspinellis
pushed a commit
to dspinellis/unix-history-repo
that referenced
this pull request
Sep 3, 2020
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
dspinellis
pushed a commit
to dspinellis/unix-history-repo
that referenced
this pull request
Sep 4, 2020
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
dspinellis
pushed a commit
to dspinellis/unix-history-repo
that referenced
this pull request
Sep 4, 2020
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
dspinellis
pushed a commit
to dspinellis/unix-history-repo
that referenced
this pull request
Dec 30, 2020
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
dspinellis
pushed a commit
to dspinellis/unix-history-repo
that referenced
this pull request
Dec 31, 2020
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
dspinellis
pushed a commit
to dspinellis/unix-history-repo
that referenced
this pull request
Jan 1, 2021
auditd(8): register signal handlers interrutibly auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include: * Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2). * Same with SIGHUP * Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup. Fix by using sigaction(2) instead of signal(3). Cherry pick openbsm/openbsm@d060887 PR: 229381 Reviewed by: cem Obtained from: OpenBSM Differential Revision: openbsm/openbsm#36
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
auditd_wait_for_events() relies on read(2) being interrupted by signals,
but it registers signal handlers with signal(3), which sets SA_RESTART.
That breaks asynchronous signal handling. It means that signals don't
actually get handled until after an audit(8) trigger is received.
Symptoms include:
SIGTERM and then send a trigger with auditon(2).
sent by auditon. This includes children created by expiring audit trails
at auditd startup.
Fix by using sigaction(2) instead of signal(3).
Fixes #34