Always set SIGCHLD handler to default, even if the caller of vipw has
set SIGCHLD to ignore. If SIGCHLD is ignored no zombie processes would
be created, which in turn could mean that kill is called with an already
recycled pid.
Also improved error message if child process fails.
Proof of Concept:
1. Compile nochld:
--
#include <signal.h>
#include <unistd.h>
int main(void) {
char *argv[] = { "vipw", NULL };
signal(SIGCHLD, SIG_IGN);
execvp("vipw", argv);
return 1;
}
--
2. Run nochld
3. Suspend child vi, which suspends vipw too:
`kill -STOP childpid`
4. Kill vi:
`kill -9 childpid`
5. You can see with ps that childpid is no zombie but disappeared
6. Bring vipw back into foreground
`fg`
7. See misleading warning message
You will get an improperly formatted warning message. Also the wake up
kill call sent SIGCONT to "childpid" which could have been assigned
to another process already.
This is definitely not a vulnerability. It would take super user
operations, at which point an attacker would have already elevated
permissions.
projects / thirdparty / util-linux.git / commit
