diff options
Diffstat (limited to 'usr.sbin/syslogd')
-rw-r--r-- | usr.sbin/syslogd/privsep.c | 11 | ||||
-rw-r--r-- | usr.sbin/syslogd/syslogd.c | 13 |
2 files changed, 22 insertions, 2 deletions
diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c index 2733c48c0da..643b2a4a038 100644 --- a/usr.sbin/syslogd/privsep.c +++ b/usr.sbin/syslogd/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.65 2016/12/27 19:16:24 bluhm Exp $ */ +/* $OpenBSD: privsep.c,v 1.66 2016/12/30 23:21:26 bluhm Exp $ */ /* * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org> @@ -175,6 +175,7 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[]) struct stat cf_info, cf_stat; struct addrinfo hints, *res0; struct sigaction sa; + sigset_t sigmask; if (pledge("stdio rpath wpath cpath dns getpw sendfd id proc exec", NULL) == -1) @@ -209,6 +210,10 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[]) setproctitle("[priv]"); logdebug("[priv]: fork+exec done\n"); + sigemptyset(&sigmask); + if (sigprocmask(SIG_SETMASK, &sigmask, NULL) == -1) + err(1, "sigprocmask priv"); + if (stat(conf, &cf_info) < 0) err(1, "stat config file failed"); @@ -409,6 +414,10 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[]) int status; waitpid(child_pid, &status, 0); + sigemptyset(&sigmask); + sigaddset(&sigmask, SIGHUP); + if (sigprocmask(SIG_SETMASK, &sigmask, NULL) == -1) + err(1, "sigprocmask exec"); execvp(argv[0], argv); err(1, "exec restart '%s' failed", argv[0]); } diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index a2fb57f451f..878a35a86cd 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syslogd.c,v 1.225 2016/12/27 19:16:24 bluhm Exp $ */ +/* $OpenBSD: syslogd.c,v 1.226 2016/12/30 23:21:26 bluhm Exp $ */ /* * Copyright (c) 1983, 1988, 1993, 1994 @@ -354,6 +354,7 @@ main(int argc, char *argv[]) struct event *ev_klog, *ev_sendsys, *ev_udp, *ev_udp6, *ev_bind, *ev_listen, *ev_tls, *ev_unix, *ev_hup, *ev_int, *ev_quit, *ev_term, *ev_mark; + sigset_t sigmask; const char *errstr; char *p; int ch, i; @@ -361,6 +362,12 @@ main(int argc, char *argv[]) int fd_ctlsock, fd_klog, fd_sendsys, fd_bind, fd_listen; int *fd_unix; + /* block signal until handler is set up */ + sigemptyset(&sigmask); + sigaddset(&sigmask, SIGHUP); + if (sigprocmask(SIG_SETMASK, &sigmask, NULL) == -1) + err(1, "sigprocmask block"); + if ((path_unix = malloc(sizeof(*path_unix))) == NULL) err(1, "malloc %s", _PATH_LOG); path_unix[0] = _PATH_LOG; @@ -840,6 +847,10 @@ main(int argc, char *argv[]) logmsg(LOG_SYSLOG|LOG_INFO, "syslogd: start", LocalHostName, ADDDATE); logdebug("syslogd: started\n"); + sigemptyset(&sigmask); + if (sigprocmask(SIG_SETMASK, &sigmask, NULL) == -1) + err(1, "sigprocmask unblock"); + event_dispatch(); /* NOTREACHED */ return (0); |