Detect death of parent process from `setuid` process

I am writing a C application that calls `fork()` to create child processes. The application runs as the root user. In the parent process, I use `wait()` for pending exited child processes. In child processes, I use `prctl()` with option `PR_SET_PDEATHSIG` to detect the death of the parent. It works fine. To reduce the risk of security issues, child processes call `setuid()` to change the UID. The problem is this: child processes can no longer detect the death of the parent.

I searched around to find the answer and found some helpful links, but they don't help:

How to do it right?


1 answer


I just stumbled upon the same issue; the kernel flushes the signal `PDEATH` when the credentials change:

https://github.com/torvalds/linux/blob/master/kernel/cred.c#L450



This can be verified with the following code and `strace -f`:

#include <sys/prctl.h>
#include <unistd.h>
#include <signal.h>

int main(int argc, char *argv[])
{
        if (fork() == 0) {
                // This works as expected
                setgid(1000);
                setuid(1000);

                prctl(PR_SET_PDEATHSIG, SIGTERM);

                // This doesn't work since pdeath_signal will be reset
                // setgid(1000);
                // setuid(1000);

                pause();
        }
        sleep(1);
        kill(getpid(), SIGTERM);
        return (0);
}
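
An added example, not part of the original answer: the same ordering (credentials first, `PR_SET_PDEATHSIG` second) with every return value checked, a `PR_GET_PDEATHSIG` read-back, and a `getppid()` comparison for the case where the parent dies before `prctl()` runs. The helper names `drop_then_arm` and `armed_pdeathsig` are hypothetical, and the demo "drops" to the current ids so it also runs unprivileged.

```c
#include <signal.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to uid/gid, then arm the parent-death signal (hypothetical helper).
 * Order matters: a credential change resets pdeath_signal. 0 on success. */
int drop_then_arm(uid_t uid, gid_t gid, int sig, pid_t parent)
{
    /* Group before user; after setuid() the gid may no longer be changeable.
     * A real daemon also clears supplementary groups with setgroups(). */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (prctl(PR_SET_PDEATHSIG, (unsigned long)sig) != 0)
        return -1;
    /* Close the race: if the parent died before prctl() ran, no signal
     * will ever arrive, but getppid() no longer matches. */
    if (getppid() != parent)
        return -1;
    return 0;
}

/* Read back the armed signal; 0 means none is set, -1 means prctl failed. */
int armed_pdeathsig(void)
{
    int sig = 0;
    return prctl(PR_GET_PDEATHSIG, &sig) == 0 ? sig : -1;
}

int main(void)
{
    pid_t parent = getpid();            /* captured before fork() */
    pid_t child = fork();
    if (child < 0)
        return 1;
    if (child == 0) {
        /* Constructed demo: "drops" to the current ids so it runs
         * unprivileged; a root daemon passes its service uid/gid. */
        if (drop_then_arm(getuid(), getgid(), SIGTERM, parent) != 0)
            _exit(2);
        _exit(armed_pdeathsig() == SIGTERM ? 0 : 3);
    }
    int status;
    if (waitpid(child, &status, 0) != child)
        return 1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```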

      
