Detect death of parent process from `setuid` process

I am writing a C application that calls fork() to create child processes. The application runs as the root user. In the parent process, I use wait() for pending exited child processes. In child processes, I use prctl() with option PR_SET_PDEATHSIG to detect the death of the parent. It works fine. To reduce the risk of security issues, child processes call setuid() to change the UID. The problem is this: child processes can no longer detect the death of the parent.

I searched around to find the answer and found some helpful links, but they don't help:

  • Parent process death detection
  • Process Hierarchy Enforcement (prctl): While this link has a clear answer, there is no solution.

How to do it right?

+3
c linux process fork setuid




1 answer


I just stumbled upon the same issue. The kernel flushes the PDEATH signal when the credentials change:

https://github.com/torvalds/linux/blob/master/kernel/cred.c#L450



This can be verified with the following code and strace -f:

#include <sys/prctl.h>
#include <unistd.h>
#include <signal.h>

int main(int argc, char *argv[])
{
        if (fork() == 0) {
                // Child. This order works as expected: change credentials
                // first, then arm the parent-death signal.
                setgid(1000);
                setuid(1000);

                prctl(PR_SET_PDEATHSIG, SIGTERM);

                // This doesn't work since pdeath_signal will be reset
                // by the credential change:
                // setgid(1000);
                // setuid(1000);

                pause();
        }
        // Parent: give the child time to set up, then terminate.
        sleep(1);
        kill(getpid(), SIGTERM);
        return (0);
}

      

0
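An added example, not part of the original answer: the same ordering with the return values checked, the armed signal read back through PR_GET_PDEATHSIG, and a getppid() comparison for the case where the parent exits before prctl() runs. The helper names drop_then_arm and child_armed_signal are hypothetical, and the sample call uses the caller's own ids so it runs without root.

```c
#include <signal.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: drop to uid/gid, then arm the parent-death signal.
 * Returns the signal the kernel reports as armed, or -1 on failure. */
static int drop_then_arm(uid_t uid, gid_t gid, pid_t parent, int sig)
{
    /* Group before user: after setuid() the setgid() call may be refused.
     * A root-started child should also clear supplementary groups. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Arm after the credential change, which clears an earlier setting. */
    if (prctl(PR_SET_PDEATHSIG, sig) != 0)
        return -1;
    /* If the parent died before prctl(), no signal will ever arrive. */
    if (getppid() != parent)
        return -1;
    int armed = 0;
    if (prctl(PR_GET_PDEATHSIG, &armed) != 0)
        return -1;
    return armed;
}

/* Fork a child that runs drop_then_arm() and reports the result through
 * its exit status. Returns the armed signal number, or -1 on error. */
int child_armed_signal(uid_t uid, gid_t gid, int sig)
{
    pid_t parent = getpid();
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int armed = drop_then_arm(uid, gid, parent, sig);
        _exit(armed < 0 ? 255 : armed);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed input: the caller's own ids, so it runs unprivileged. */
    return child_armed_signal(getuid(), getgid(), SIGTERM) == SIGTERM ? 0 : 1;
}
```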

