1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
freebsd/usr.sbin
Joerg Wunsch 6b5c2dd6a1 Fix a serious bug in syslogd regarding the handling of pipes. The bug
would cause syslogd to eventually kill innocent processes in the
system over time (note: not `could' but `would').  Many thanks to my
colleague Mirko for digging into the kernel structures and providing
me with the debugging framework to find out about the nature of this
bug (and to isolate that syslogd was the culprit) in a rather large
set of distributed machines at client sites where this happened
occasionally.

Whenever a child process was no longer responsive, or when syslogd
receives a SIGHUP so it closes all its logging file descriptors, for
any descriptor that refers to a pipe syslogd enters the data about the
old logging child process into a `dead queue', where it is being
removed from (and the status of the dead kitten being fetched) upon
receipt of a SIGCHLD.  However, there's a high probability that the
SIGCHLD already arrives before the child's data are actually entered
into the dead queue inside the SIGHUP handler, so the SIGCHLD handler
has nothing to fetch and remove and simply continues.  Whenever this
happens, the process'es data remain on the dead queue forever, and
since domark() tried to get rid of totally unresponsive children by
first sending a SIGTERM and later a SIGKILL, it was only a matter of
time until the system had recycled enough PIDs so an innocent process
got shot to death.

Fix the race by masking SIGHUP and SIGCHLD from both handlers mutually.

Add additional bandaids ``just in case'', i. e. don't enter a process
into the dead queue if we can't signal it (this should only happen in
case it is already dead by that time so we can fetch the status
immediately instead of deferring this to the SIGCHLD handler); for the
kill(2) inside domark(), check for an error status (/* Can't happen */
:) and remove it from the dead queue in this case (which if it would
have been there in the first place would have reduced the problem to a
statistically minimal likelihood so i certainly would never have
noticed the bug at all :).

Mirko also reviewed the fix in priciple (mutual blocking of both
signals inside the handlers), but not the actual code.

Reviewed by:	Mirko Kaffka <mirko@interface-business.de>
Approved by:	jkh
2000-02-28 17:49:43 +00:00
..
ac err -> errx for malloc failure 1999-10-12 19:27:11 +00:00
accton
adduser
amd Update for 6.0.3s1 changes. 1999-11-05 12:34:00 +00:00
ancontrol Add driver support for the Aironet 4500/4800 series wireless 802.11 2000-01-14 20:41:03 +00:00
apm Fixed breakage of installation of zzz.8 in previous commit. MLINKS 2000-01-25 08:39:15 +00:00
apmd Remove Xr to apmconf(8) since it got replaced in total by apm(8). 2000-01-23 13:30:44 +00:00
arp Fix syntax error in previous commit. 2000-01-17 01:44:16 +00:00
atm
boot0cfg
bootparamd
btxld o Allow btxld to be compiled on 64-bit machines 2000-01-04 14:10:36 +00:00
burncd Dont allow burn when format not selected. 2000-02-18 16:36:28 +00:00
cdcontrol Fixed a potential buffer overflow problem, in the device name handling. 1999-12-05 20:05:45 +00:00
chkgrp add missing .El. 1999-10-17 15:46:58 +00:00
chown Revert rev 1.3. chown(8)-like functionality has been added to mknod(8) 2000-01-06 05:30:38 +00:00
chroot
ckdist
config Mark the 'conflicts' keyword as obsolete, and don't generate (unused) 2000-01-29 18:14:59 +00:00
cron
crunch Add a few features to crunchgen to simplify the use of existing 2000-02-05 10:29:19 +00:00
ctm Correcting SECURITY warning. 2000-01-29 21:44:42 +00:00
dev_mkdb kvm_mkdb(8) no longer exists (in .Xr) and kvm_nlist(8) has even less to do 1999-12-27 08:01:11 +00:00
diskpart
dpt
edquota
elf2exe Use long long format specifiers and cast each parameter to long long. 1999-12-18 12:12:12 +00:00
faithd Wording fixes 2000-02-10 19:42:42 +00:00
fdcontrol Xref to warn(3) which is used instead of perror. 1999-10-17 15:52:26 +00:00
fdformat Fix fdformat to not use /dev/r* device nodes anymore, this usage 2000-01-23 12:49:42 +00:00
fdwrite Use Pa for filenames. 1999-10-17 15:57:16 +00:00
gifconfig remove redundant ifdef's. 2000-01-07 10:02:43 +00:00
i4b /tmp --> /var/tmp, for consistency with the rest of the example. 2000-02-17 00:43:04 +00:00
ifmcstat remove redundant ifdef's. 2000-01-07 10:02:43 +00:00
inetd Fix broken inet logging when wrapping options are not specified. 2000-02-22 00:27:53 +00:00
iostat Back out previous commit minus spelling fixes. Should have asked maintainer 2000-01-24 22:08:19 +00:00
ipftest Move basic ifilter utils to sbin where they shold have been committed by 1999-12-06 20:50:04 +00:00
ipresend Move basic ifilter utils to sbin where they shold have been committed by 1999-12-06 20:50:04 +00:00
ipsend Move basic ifilter utils to sbin where they shold have been committed by 1999-12-06 20:50:04 +00:00
iptest Move basic ifilter utils to sbin where they shold have been committed by 1999-12-06 20:50:04 +00:00
IPXrouted
jail - As jail(8) has been almost completely rewritten, prepend another copyright/ 2000-02-20 02:51:11 +00:00
kbdcontrol Define some more function keys in the keymap: panic, lshifta, rshifta, etc. 1999-12-10 04:24:27 +00:00
kbdmap Remove invalid section name. Add missing .El. Do not dot terminate 2000-01-23 20:20:55 +00:00
kernbb Correct spelling : ascii -> ASCII 1999-09-20 09:15:23 +00:00
keyadmin
keyserv Use libcrypto instead of libdes. 2000-02-24 21:10:28 +00:00
kgmon Put file names under .Pa. 1999-11-27 16:52:41 +00:00
kgzip Fix insecure tempfile handling. 2000-01-16 21:19:04 +00:00
lpr Type-o, change from[...] = 0 to fromb[...] = 0. The incorrect buffer 2000-01-25 01:51:21 +00:00
lptcontrol Remove incorrect section name. Use .Pa or .Ar instead of .Em. 1999-11-27 16:54:36 +00:00
mailstats
mailwrapper Merge from OpenBSD: 2000-01-10 03:20:13 +00:00
makemap
manctl Remove incorrect section name. Terminate .Bl with .El. 1999-11-27 17:15:51 +00:00
memcontrol Remove an unnecessary cross-reference to ioctl(2) 1999-10-09 16:37:37 +00:00
mergemaster Use the new (Hi rwatson!) NO_MAKEDEV when making our temproot. 2000-02-12 22:14:02 +00:00
mixer Terminate .Bl with .El 1999-11-27 16:55:50 +00:00
mount_nwfs Fix various man pages to stop abusing the .Bx macro to generate 2000-01-23 01:30:05 +00:00
mount_portalfs 10 X's for mktemp(). This seems to be free from race conditions. 2000-01-10 09:33:37 +00:00
mountd Fix various man pages to stop abusing the .Bx macro to generate 2000-01-23 01:30:05 +00:00
moused Added the PnP ID for MouseSystems SmartScroll Mouse (serial mouse). 2000-01-24 10:26:46 +00:00
mptable $FreeBSD$ tags moved to bottom of license aggmt. 1999-10-30 16:05:26 +00:00
mrouted
mtest
mtree Revert part of the last commit, remove {g|s}etflags from the libc 2000-02-05 18:42:36 +00:00
named Install additional documentation: 2000-01-10 09:05:30 +00:00
named.reload
named.restart
ndc ndc is now a C program that communicates with named via a unix-domain 1999-11-30 06:18:10 +00:00
ndp libipsec and IPsec related apps. (and some KAME related man pages) 2000-01-06 12:40:54 +00:00
newsyslog .Nm corrections 1999-11-27 16:57:27 +00:00
nfsd Use libcrypto instead of libdes. 2000-02-24 21:01:54 +00:00
ngctl No need to try loading ng_socket.ko, as NgMkSockNode() does that 2000-01-28 00:50:28 +00:00
nghook Fix minor typo. 1999-12-22 01:25:07 +00:00
nologin
nslookup Link against libbind (library and headers) 1999-11-30 06:16:46 +00:00
nsupdate Link against libbind (library and headers) 1999-11-30 06:16:46 +00:00
ntp Merge into the manual pages the changes from 4.0.99b: 2000-02-10 13:15:47 +00:00
pccard Merge from PAO; Add new keywords for pccard.conf, auto and default. 2000-01-26 17:54:00 +00:00
pciconf [ repository copy of sys/pci/pci_ioctl.h to sys/sys/pciio.h happened in the 1999-12-08 17:44:04 +00:00
pcvt Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 05:07:58 +00:00
periodic
pim6dd HBH hdr len correction. 2000-02-18 11:48:04 +00:00
pim6sd Fix pathname of pim6sd.conf from /usr/local/v6/etc to /etc. 2000-02-15 18:33:22 +00:00
pkg_install pkg_create doesn't use more(1) for displaying +DISPLAY files, it 2000-02-27 06:32:25 +00:00
pnpinfo
portmap K&Rify 2000-01-15 23:08:30 +00:00
ppp Use libcrypto instead of libdes. 2000-02-24 21:10:28 +00:00
pppctl NetBSD has changed the el_init() prototype 1999-09-20 07:22:22 +00:00
pppd Use libcrypto instead of libdes. 2000-02-24 21:10:28 +00:00
pppstats
praliases
prefix remove redundant ifdef's. 2000-01-07 10:02:43 +00:00
procctl Cleanup manpage a bit. 2000-02-21 11:05:56 +00:00
pstat Don't report TABLDISC - it "doesn't happen(TM)" 2000-01-29 16:45:28 +00:00
pw Portability fixes for other bsd4.4 derivatives. 2000-01-15 00:20:22 +00:00
pwd_mkdb Replace the -q option to pwd_mkdb with a test for PW_SCAN_BIG_IDS in 1999-12-02 16:39:15 +00:00
quot Fix various man pages to stop abusing the .Bx macro to generate 2000-01-23 02:10:01 +00:00
quotaon
rarpd Remove incorrect section name. Incomplete -Wall cleaning. 1999-11-27 17:06:40 +00:00
repquota Description 1999-11-01 04:46:09 +00:00
rip6query remove redundant ifdef's. 2000-01-07 10:02:43 +00:00
rmt Minimum necessary change: return no more than 24 bytes of data for the 2000-02-12 01:14:33 +00:00
rndcontrol Fix various man pages to stop abusing the .Bx macro to generate 2000-01-23 02:10:01 +00:00
route6d remove redundant ifdef's. 2000-01-07 10:02:43 +00:00
rpc.lockd
rpc.statd Undo previous change. 1999-10-05 14:40:38 +00:00
rpc.umntall This is another in Martin Blapp's N-series of mount-related cleanups :) 2000-01-15 14:28:14 +00:00
rpc.yppasswdd Revert the libcrypt/libmd stuff back to how it was. This should not have 1999-12-18 13:55:17 +00:00
rpc.ypupdated
rpc.ypxfrd
rrenumd libipsec and IPsec related apps. (and some KAME related man pages) 2000-01-06 12:40:54 +00:00
rtadvd Print ifname when sendmsg failed. 2000-02-24 18:46:51 +00:00
rtprio Use DIAGNOSTICS instead of incorrect section name 1999-11-27 17:10:35 +00:00
rtsold remove redundant ifdef's. 2000-01-07 10:02:43 +00:00
rwhod Grammar fix: `Different than'' should really be `different from''. 2000-01-29 01:54:59 +00:00
sa Grammar fix: `Different than'' should really be `different from''. 2000-01-29 01:54:59 +00:00
sade Make all menu items more consistent and deal with a few remaining 2000-02-26 12:33:49 +00:00
sendmail Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world' 1999-12-29 18:56:55 +00:00
setkey Change IPv6 scoped addr format again based on recent standard discussion. 2000-02-19 16:10:16 +00:00
sgsc Remove incorrect section name. 1999-11-27 17:13:08 +00:00
sicontrol De-K&Rify sicontrol and tidy up a few loose ends. Remove "register". 2000-01-24 09:14:47 +00:00
sliplogin
slstat
spkrtest
spray
stallion Fix warning: return type of main' is not int' 1999-09-15 01:58:44 +00:00
sysinstall Be neater with the screen contents. 2000-02-26 12:43:01 +00:00
syslogd Fix a serious bug in syslogd regarding the handling of pipes. The bug 2000-02-28 17:49:43 +00:00
tcpdchk Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it. 2000-02-03 10:27:03 +00:00
tcpdmatch
tcpdump Merge tcpdump 3.5 2000-01-30 01:05:24 +00:00
timed
traceroute
traceroute6 Security fixes. (Just same as sbin/ping and usr.sbin/traceroute) 2000-02-24 19:06:05 +00:00
trpt Sorry in this just befor code freeze commit. 2000-01-29 11:49:07 +00:00
tzsetup Convert err() to errx(), reason is already provided. Complete the 2000-01-23 20:25:01 +00:00
usbd Don't fail if less then MAXDEV /dev/usb\d+ entries exist. 2000-01-10 22:35:33 +00:00
usbdevs Use releaseNo, not release. release is evil and should go away. 1999-11-23 01:16:10 +00:00
vidcontrol updates the vidcontrol man page to include mention of the new -M flag 2000-02-17 03:00:38 +00:00
vipw Replace the -q option to pwd_mkdb with a test for PW_SCAN_BIG_IDS in 1999-12-02 16:39:15 +00:00
vnconfig Typo in example: 'vn0' should be 'vn1' 2000-02-17 02:54:36 +00:00
watch Add missing .El. 2000-01-23 20:27:32 +00:00
wicontrol Add support for WEP (encryption) for silver and gold WaveLAN/IEEE turbo cards. 2000-02-02 17:59:13 +00:00
wlconfig Use .Xr for references. 2000-01-23 20:28:41 +00:00
wormcontrol Add a FILES section. 2000-01-23 20:29:46 +00:00
xten
yp_mkdb Remove invalid section name. 2000-01-23 20:32:24 +00:00
ypbind Remove invalid section name. 2000-01-23 20:32:24 +00:00
yppoll
yppush Remove invalid section name. Add missing .El. 2000-01-23 20:33:38 +00:00
ypserv Fix various man pages to stop abusing the .Bx macro to generate 2000-01-23 02:10:01 +00:00
ypset
zic Spelling. Add missing .El. 2000-01-23 20:36:27 +00:00
Makefile IPv6 multicast routing. 2000-01-28 05:10:56 +00:00
Makefile.inc