Version: 2.1.2 (using KDE 3.1.0)
Installed from: compiled sources
Compiler: gcc version 2.95.4 20020320 [FreeBSD]
OS: FreeBSD (i386) release 4.8-RC

This bug report is related to: http://bugs.kde.org/show_bug.cgi?id=23715

In FreeBSD, if a user account does ALT-CTRL-BACKSPACE, to kill the Kde desktop, then kppp and pppd are still running. If the user account now kills the pppd pid, then the FreeBSD computer shuts down.

To Reproduce:

A) Configure Kppp as a user.
   i) in /etc (as root) do touch resolv.conf
   ii) in /etc/ppp (as root) do touch options
   iii) Configure the rest of Kppp in your Kde user account session.

B) Demonstration of Bug:
   1) Dial out with Kppp
   2) After the connection is established do: Alt-Ctrl-Backspace
   3) Still in the user account, do ps -aux | grep ppp
   4) do (as user) kill pid-of-pppd
   5) FreeBSD will now shutdown

This is a partial output of the shutdown sequence:

$ kill 373 //pid of pppd
$ It was pppd that died
$ pppd exited with return value 1
$ sending 1 SIGUSR1
$ Mar 9 01:20:07 Hostname syslogd: exiting on signal 15

The computer then shuts down.
It seems that sighandler_child in opener.cpp sends a SIGUSR1 to init (which results in a system shutdown, since it's part of kppp's setuid helper) while trying to kill its parent process. I don't know if getppid()'s behaviour of returning init as the parent process is bogus; however, if the rest of kppp is gone after a (forced) XFree86 crash, that might just be true. I think sighandler_child could use a bit of sanity checking before signalling anything to its alleged parent. This bug could be used as a first step to a local DoS attack; the second step needed would be to somehow force pppd to die (for example by pulling the cable, turning off the modem, etc).
Related bug btw.: 23715
One can argue whether this is a pppd bug or not, but it actually kills its entire process group when the connection is terminated (see also kill_my_pg in pppd/main.c). See also http://cr.yp.to/daemontools/faq/create.html#pgrphack
I don't know if this has been fixed. I stopped using Kde about 5 months ago.
Just go ahead and close this -- it will never be fixed. FreeBSD has userland PPP.
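The sanity check suggested in the comment on sighandler_child, sketched as an added example (not kppp's code): a privileged helper records its parent's pid at startup and refuses to signal when getppid() later returns anything else, including init. The function names are hypothetical, and the constructed demo sends signal 0 rather than SIGUSR1.

```c
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helpers, not kppp's opener.cpp. A parent is signalable only
 * if it is still the process recorded at startup; pid 1 (init) or any other
 * reaper pid means the helper has been reparented. */
int parent_is_signalable(pid_t recorded, pid_t current)
{
    return current > 1 && current == recorded;
}

/* Signal the parent only when the check passes; -1 means "refused". */
int notify_parent(pid_t recorded, int sig)
{
    pid_t now = getppid();
    if (!parent_is_signalable(recorded, now))
        return -1;
    return kill(now, sig);
}

/* Constructed demo: a helper whose parent has died must refuse to signal.
 * Returns 1 if the orphaned helper refused, 0 if it would have signalled,
 * -1 on setup failure. */
int orphan_refuses_to_signal(void)
{
    int fds[2];
    char verdict = 0;
    if (pipe(fds) != 0) return -1;
    pid_t mid = fork();
    if (mid < 0) return -1;
    if (mid == 0) {                       /* stands in for the GUI process */
        pid_t recorded = getpid();        /* what the helper sees at startup */
        if (fork() == 0) {                /* stands in for the setuid helper */
            for (int i = 0; i < 500 && getppid() == recorded; i++)
                usleep(10000);            /* wait until the parent is gone */
            verdict = (notify_parent(recorded, 0) == -1) ? 1 : 0;
            if (write(fds[1], &verdict, 1) != 1) _exit(1);
            _exit(0);
        }
        _exit(0);                         /* parent dies, helper is orphaned */
    }
    close(fds[1]);
    waitpid(mid, NULL, 0);
    ssize_t n = read(fds[0], &verdict, 1);
    close(fds[0]);
    return n == 1 ? verdict : -1;
}

int main(void) { return orphan_refuses_to_signal() == 1 ? 0 : 1; }
```

Comparing against the recorded pid, rather than only testing for pid 1, also covers systems where orphans are adopted by a reaper process other than init.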