Inspired by the analysis of the RegreSSHion vulnerability, I've just looked at signal handlers in accel-pppd.
If logging to files is configured, the SIGHUP handler to re-open them may call potentially async-signal-unsafe functions.
Probably not easily exploitable, as a remote attacker has no control over when SIGHUP is sent, but if logrotate is configured to send SIGHUP to re-open log files after rotating them at a predictable time (say from a cron job), someone might get lucky.
The general recommendation is for the signal handler to only set a flag and return, then check that flag in the main process, and if set then call the functions to re-open log files synchronously (not from the signal handler directly).
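The flag-and-defer pattern recommended in the post, as an added example that is not accel-ppp code and not written by the post's author. All function names, the single-file log layout and the `/tmp` path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

static volatile sig_atomic_t reopen_requested; /* only state the handler touches */
static int log_fd = -1;
static char log_path[256];                     /* hypothetical single log target */

/* Async-signal-safe: one store to a sig_atomic_t, no libc calls, no locks. */
static void on_sighup(int signo) { (void)signo; reopen_requested = 1; }

int install_sighup_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sighup;   /* sa_flags stays 0: blocking calls in the loop */
    sigemptyset(&sa.sa_mask);    /* return EINTR, so the loop reaches the check  */
    return sigaction(SIGHUP, &sa, NULL);
}

int log_open(const char *path)
{
    if (strlen(path) >= sizeof(log_path)) return -1;
    strcpy(log_path, path);
    log_fd = open(log_path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0640);
    return log_fd < 0 ? -1 : 0;
}

int log_write(const char *msg)
{
    size_t len = strlen(msg);
    return write(log_fd, msg, len) == (ssize_t)len ? 0 : -1;
}

/* Main-loop side, normal context. Returns 1 if re-opened, 0 if idle, -1 on error. */
int log_reopen_if_requested(void)
{
    if (!reopen_requested) return 0;
    reopen_requested = 0;        /* clear first: a SIGHUP arriving now is not lost */
    int fd = open(log_path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0640);
    if (fd < 0) return -1;       /* keep writing to the old descriptor */
    if (log_fd >= 0) close(log_fd);
    log_fd = fd;
    return 1;
}

int main(void)
{
    if (install_sighup_handler() || log_open("/tmp/example-accel.log")) return 1;
    raise(SIGHUP);               /* constructed stand-in for logrotate's signal */
    return log_reopen_if_requested() == 1 && log_write("reopened\n") == 0 ? 0 : 1;
}
```

In a real event loop, `log_reopen_if_requested()` would be called once per iteration, after the blocking wait returns.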