From 496d91311ede807152fdcf87403c7b8ffbe14824 Mon Sep 17 00:00:00 2001 From: Alexandre Cassen <acassen@gmail.com> Date: Thu, 26 Jul 2012 17:36:54 +0200 Subject: [PATCH] security: Fix exploitable issue in sighandler ! Do not call/use syslog in signal handler. It can be used in a way to execute unauthorized code. --- keepalived/check/check_daemon.c | 3 --- keepalived/core/main.c | 1 - keepalived/vrrp/vrrp_daemon.c | 3 --- 3 files changed, 7 deletions(-) diff --git a/keepalived/check/check_daemon.c b/keepalived/check/check_daemon.c index ea6c85d..fd1f6b2 100644 --- a/keepalived/check/check_daemon.c +++ b/keepalived/check/check_daemon.c @@ -138,8 +138,6 @@ void sighup_check(void *v, int sig) { - log_message(LOG_INFO, "Reloading Healthchecker child process(%d) on signal", - getpid()); thread_add_event(master, reload_check_thread, NULL, 0); } @@ -147,7 +145,6 @@ void sigend_check(void *v, int sig) { - log_message(LOG_INFO, "Terminating Healthchecker child process on signal"); if (master) thread_add_terminate_event(master); } diff --git a/keepalived/core/main.c b/keepalived/core/main.c index c225bdf..c69696c 100644 --- a/keepalived/core/main.c +++ b/keepalived/core/main.c @@ -101,7 +101,6 @@ int status; /* register the terminate thread */ - log_message(LOG_INFO, "Terminating on signal"); thread_add_terminate_event(master); if (vrrp_child > 0) { diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c index 239291b..da1205b 100644 --- a/keepalived/vrrp/vrrp_daemon.c +++ b/keepalived/vrrp/vrrp_daemon.c @@ -153,8 +153,6 @@ void sighup_vrrp(void *v, int sig) { - log_message(LOG_INFO, "Reloading VRRP child process(%d) on signal", - getpid()); thread_add_event(master, reload_vrrp_thread, NULL, 0); } @@ -162,7 +160,6 @@ void sigend_vrrp(void *v, int sig) { - log_message(LOG_INFO, "Terminating VRRP child process on signal"); if (master) thread_add_terminate_event(master); } -- 1.7.10