From: Samanta Navarro <ferivoz@riseup.net>
Date: Wed, 26 Apr 2023 11:59:51 +0000 (+0000)
Subject: newgrp/useradd: always set SIGCHLD to default
X-Git-Tag: 4.14.0-rc1~100
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b686d8bd63e45bf2d20438452af58b7908c619f;p=thirdparty%2Fshadow.git

newgrp/useradd: always set SIGCHLD to default

The tools newgrp and useradd expect waitpid to behave as described in
its manual page. But the notes indicate that if SIGCHLD is ignored,
waitpid behaves differently.

A user could set SIGCHLD to ignore before starting newgrp through exec.
Children of newgrp would not become zombies and their PIDs could be
reassigned before newgrp could call kill with the child pid and SIGCONT.

The useradd tool is not installed setuid, but I have added the default
there as well (copied from vipw).

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
---

diff --git a/src/newgrp.c b/src/newgrp.c
index f8387f11c..0bcf31bad 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -288,6 +288,9 @@ static void syslog_sg (const char *name, const char *group)
 		(void) signal (SIGTSTP, SIG_IGN);
 		(void) signal (SIGTTIN, SIG_IGN);
 		(void) signal (SIGTTOU, SIG_IGN);
+		/* set SIGCHLD to default for waitpid */
+		(void) signal(SIGCHLD, SIG_DFL);
+
 		child = fork ();
 		if ((pid_t)-1 == child) {
 			/* error in fork() */
diff --git a/src/useradd.c b/src/useradd.c
index 152b4e535..e31236155 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -20,6 +20,7 @@
 #include <lastlog.h>
 #include <libgen.h>
 #include <pwd.h>
+#include <signal.h>
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -2156,6 +2157,9 @@ static void tallylog_reset (const char *user_name)
 	if (access(pam_tally2, X_OK) == -1)
 		return;
 
+	/* set SIGCHLD to default for waitpid */
+	signal(SIGCHLD, SIG_DFL);
+
 	failed = 0;
 	switch (childpid = fork())
 	{