From: Laurent Bercot <ska-supervision@skarnet.org>
To: "Ciprian Dorin, Craciun" <ciprian.craciun@gmail.com>
Cc: supervision@list.skarnet.org, sudo-users@sudo.ws
Subject: Re: Improper setting / resetting of the signals mask
Date: Tue, 14 Sep 2010 22:22:23 +0200 [thread overview]
Message-ID: <20100914202223.GA10388@skarnet.org> (raw)
In-Reply-To: <AANLkTik39j45XmArWreOJK71hMr561iD0iw04qYXN=2i@mail.gmail.com>
> Hello all!
>
> Sorry for cross-posting, but this "bug" is relevant to both
> projects (`runit` and `sudo`), so please forgive me in advance. :)
>
> In short `sudo` doesn't seem to reset (zero out) its inherited
> signal mask, and `runit` seems to leave some signals blocked when
> exec-ing children. (And the side-effect is breaking some service
> management scripts.)
Hello Ciprian,
If you're going to blame sudo for not resetting the signal mask,
why not also blame bash, which is executed between runsv and sudo ? :)
It seems natural to think that a shell should reset the sigprocmask.
I just checked SUSv3, which says nothing about that; so, by default,
ignoring the sigprocmask is probably the right thing to do, and
bash (for once) gets it right.
It is debatable whether sudo should be paranoid and also unblock
signals. On the one hand, the *point* of sudo is to be paranoid. On
the other hand, applications can and generally should expect to be
executed in a sane environment, and be liberal in what they accept
(i.e. they should not arbitrarily close fds or remove environment
variables, for instance - and I don't think they should arbitrarily
unblock signals either).
What is certain is that runsv does the wrong thing here: blocked
signals should definitely be unblocked before exec'ing an external
command. I'm sure Gerrit will agree and fix that in a next release.
In the meantime, let me suggest 2 workarounds:
- You can use the 'trap' shell command to manually unblock signals.
SUSv3 does not even specify that using 'trap' should unblock the
trapped, or defaulted, signals, but not doing it would be clearly
absurd. 'trap - TERM' and you should be rolling.
- In this precise case, you don't even need sudo. If all you want
is to give user 'joe' enough rights to control /service/foo, you
can make /service/foo/supervise/control writable by 'joe'. For
instance:
# chown joe /service/foo/supervise/control
Then, no need for elaborate control scripts: all the complexity
of the script can be moved to the client side, and joe just runs
'sv force-restart /service/foo' when appropriate.
--
Laurent
prev parent reply other threads:[~2010-09-14 20:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-14 11:14 Ciprian Dorin, Craciun
2010-09-14 13:49 ` Todd C. Miller
2010-09-14 20:22 ` Laurent Bercot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100914202223.GA10388@skarnet.org \
--to=ska-supervision@skarnet.org \
--cc=ciprian.craciun@gmail.com \
--cc=sudo-users@sudo.ws \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).