Bug 55785 - kppp: killing pppd after Alt-Ctrl-Bcksp shutsdown FreeBSD
Summary: kppp: killing pppd after Alt-Ctrl-Bcksp shutsdown FreeBSD
Status: RESOLVED WORKSFORME
Alias: None
Product: kppp
Classification: Applications
Component: general (show other bugs)
Version: 2.1.2
Platform: Compiled Sources FreeBSD
: NOR crash
Target Milestone: ---
Assignee: Harri Porten
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-03-10 03:10 UTC by J E Drews
Modified: 2004-05-11 06:43 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description J E Drews 2003-03-10 03:10:29 UTC
Version:           2.1.2 (using KDE 3.1.0)
Installed from:    compiled sources
Compiler:          gcc version 2.95.4 20020320 [FreeBSD]
OS:          FreeBSD (i386) release 4.8-RC

This bug report is related to:
http://bugs.kde.org/show_bug.cgi?id=23715

In FreeBSD, if a user account does ALT-CTRL-BACKSPACE, to kill the Kde desktop, then kppp and pppd are still running. If the user account now kills the pppd pid, then the FreeBSD computer shuts down.

To Reproduce:
A) Configure Kppp as a user.
i) in /etc (as root) do touch resolv.conf
ii) in /etc/ppp (as root) do touch options
iii) Configure the rest of Kppp in your Kde user account session.
B) Demonstration of Bug:
1) Dial out with Kppp
2) After the connection is established do: Alt-Ctrl-Backspace
3) Still in the user account, do ps -aux | grep ppp
4) do  (as user) kill pid-of-pppd
5) FreeBSD will now shutdown
This is a partial output of the shutdown sequence:
$ kill 373  //pid of pppd
$ It was pppd that died
$ pppd exited with return value 1
$ sending 1 SIGUSR1
$ Mar 9 01:20:07 Hostname syslogd: exiting on signal 15
The computer then shuts down.
Comment 1 Michael Nottebrock 2003-03-10 03:24:23 UTC
It seems that sighandler_child in opener.cpp sends a SIGUSR1 to init (which results 
in a system shutdown, since it's part of kppp's setuid helper) while trying to kill its 
parent process. I don't know if getppid()'s behaviour of returning init as the parent 
process is bogus, however, if the rest of kppp is gone after a (forced) 
XFree86-crash, that might just be true. 
 
I think sighandler_child could use a bit of sanity checking before signalling anything 
to its alleged parent. This bug could be used as a first step to a local DOS attack, 
the second step needed would be to somehow force pppd to die (for example by 
pulling the cable, turning off the modem, etc). 
Comment 2 Michael Nottebrock 2003-03-10 03:34:28 UTC
Related bug btw.: 23715 
Comment 3 Simon Hausmann 2003-07-07 10:28:32 UTC
One can argue whether this is a pppd bug or not, but it actually kills its entire 
process group when the connection is terminated (see also kill_my_pg in pppd/
main.c) . See also http://cr.yp.to/daemontools/faq/create.html#pgrphack 
Comment 4 J E Drews 2004-05-11 06:30:07 UTC
I don't know if this has been fixed. I stopped using Kde about 5 months ago.
Comment 5 J E Drews 2004-05-11 06:43:07 UTC
Just go ahead and close this -- it will never be fixed. FreeBSD has userland PPP.