[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[screen-devel] [bug #55511] Prevent Panic causing Panic, and children re

From: Scott Shambarger
Subject: [screen-devel] [bug #55511] Prevent Panic causing Panic, and children removing sockets
Date: Fri, 18 Jan 2019 13:41:53 -0500 (EST)
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:64.0) Gecko/20100101 Firefox/64.0


                 Summary: Prevent Panic causing Panic, and children removing
                 Project: GNU Screen
            Submitted by: sshambar
            Submitted on: Fri 18 Jan 2019 06:41:51 PM UTC
                Category: Program Logic
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.6.2
           Fixed Release: None
         Planned Release: None
           Work Required: None



While tracking down another screen bug, I noticed that I wasn't getting Panic
messages from child processes, and my screen socket kept disappearing.

This is all related to suid root screen (tested on OSX, but probably applies
to other suid ports).

The problem is that in several places forked child processes call setuid, but
don't set eff_uid to the new uid.  Any child Panic will call SendErrorMsg,
which will create a child socket, which calls xseteuid(eff_uid=0) after the
socket is created -- and that leads to another Panic.

This prevented the error from being sent.

In addition, since ServerSocket is still valid, when the child Panic calls
eexit(), it removes the socket file.

I've created a patch that fixes both of these bugs (and fixes a leaked file
descriptor or fork fails, which probably doesn't happen often :)

Patch is attached.


File Attachments:

Date: Fri 18 Jan 2019 06:41:51 PM UTC  Name:
Prevent-Panic-causing-Panic-and-children-removing-sockets.diff  Size: 4KiB  
By: sshambar



Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]