[Pkg-shadow-devel] document pam-based su(1) behavior of SIGTERM/SIGKILL

Nicolas François nicolas.francois at centraliens.net
Sun Aug 30 19:35:23 UTC 2009


Hello,

On Sun, Aug 23, 2009 at 06:48:04AM -0400, vapier at gentoo.org wrote:
> user report:
> http://bugs.gentoo.org/282094
> 
> the current pam run_shell() code doesnt seem to check if the child is still 
> alive after the SIGTERM and before the SIGKILL, but maybe i missed something 
> weird with the signal handler.

Yes, sleep + SIGKILL should be changed to an alarm + waitpid and the
SIGKILL should only be sent in the alarm signal handler.

Also the return value of su should be documented (not only in this case).

It is not clear what the return value of su should be in this case. The
user seems to expect a return value of 0.
I think using the same return code as in the regular case should be OK
((0 != WIFEXITED (status)) ? WEXITSTATUS (status) : WTERMSIG (status) + 128)
And return 255 if the child did not terminate itself after the SIGTERM.


I should have time to work on it this week.

Best Regards,
-- 
Nekral



More information about the Pkg-shadow-devel mailing list