From: Pádraig Brady <P@draigBrady.com>
Date: Mon, 11 Mar 2024 13:18:37 +0000 (+0000)
Subject: timeout: fix race where we might kill arbitrary processes
X-Git-Tag: v9.5~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1cf5148a1c6302d27661ff0af772de1e7dbb2b6;p=thirdparty%2Fcoreutils.git

timeout: fix race where we might kill arbitrary processes

* src/timeout.c (cleanup): Handle the case where monitored_pid
might be -1, which could happen if a signal was received
immediately after a failed fork() call.  In that case it would
send the termination signal to all processes that the timeout
process has permission to send signals too.
* NEWS: Mention the bug fix.
---

diff --git a/NEWS b/NEWS
index 70c4e2f44b..864d7fe8b6 100644
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   on systems with a page size larger than the stdio BUFSIZ.
   [This bug was present in "the beginning".]
 
+  timeout avoids a narrow race condition, where it might kill arbitrary
+  processes after a failed process fork.
+  [bug introduced with timeout in coreutils-7.0]
+
   wc no longer fails to count unprintable characters as parts of words.
   [bug introduced in textutils-2.1]
 
diff --git a/src/timeout.c b/src/timeout.c
index 85d97c0b50..9aa46a4f5a 100644
--- a/src/timeout.c
+++ b/src/timeout.c
@@ -207,7 +207,7 @@ cleanup (int sig)
       timed_out = 1;
       sig = term_signal;
     }
-  if (monitored_pid)
+  if (0 < monitored_pid)
     {
       if (kill_after)
         {
@@ -244,8 +244,13 @@ cleanup (int sig)
             }
         }
     }
-  else /* we're the child or the child is not exec'd yet.  */
-    _exit (128 + sig);
+  else if (monitored_pid == -1)
+    { /* were in the parent, so let it continue to exit below.  */
+    }
+  else /* monitored_pid == 0  */
+    { /* we're the child or the child is not exec'd yet.  */
+      _exit (128 + sig);
+    }
 }
 
 void