reset signal handlers before running scripts/hooks

Front-ends or libraries may set signals to be ignored, which gets inherited across fork and exec. This can cause scripts to malfunction if they expect the signal. To make matters worse, scripts written in bash can't reset signals that were ignored when bash was started. Fixes FS#56756 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 9886566abb)
2018-10-03 00:42:38 -07:00 · 2018-10-03 00:42:38 -07:00 · 2a7bdd3e3a
commit 2a7bdd3e3a
parent b39a62f575
3 changed files with 32 additions and 0 deletions
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@ -548,6 +548,25 @@ static int _alpm_chroot_read_from_child(alpm_handle_t *handle, int fd,
 	return 0;
 }

+static void _alpm_reset_signals(void)
+{
+	/* reset POSIX defined signals (see signal.h) */
+	/* there are likely more but there is no easy way
+	 * to get the full list of valid signals */
+	int *i, signals[] = {
+		SIGABRT, SIGALRM, SIGBUS, SIGCHLD, SIGCONT, SIGFPE, SIGHUP, SIGILL,
+		SIGINT, SIGKILL, SIGPIPE, SIGQUIT, SIGSEGV, SIGSTOP, SIGTERM, SIGTSTP,
+		SIGTTIN, SIGTTOU, SIGUSR1, SIGUSR2, SIGPOLL, SIGPROF, SIGSYS, SIGTRAP,
+		SIGURG, SIGVTALRM, SIGXCPU, SIGXFSZ,
+		0
+	};
+	struct sigaction def;
+	def.sa_handler = SIG_DFL;
+	for(i = signals; *i; i++) {
+		sigaction(*i, &def, NULL);
+	}
+}
+
 /** Execute a command with arguments in a chroot.
 * @param handle the context handle
 * @param cmd command to execute
@ -633,6 +652,7 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
 			exit(1);
 		}
 		umask(0022);
+		_alpm_reset_signals();
 		execv(cmd, argv);
 		/* execv only returns if there was an error */
 		fprintf(stderr, _("call to execv failed (%s)\n"), strerror(errno));
--- a/test/pacman/tests/TESTS
+++ b/test/pacman/tests/TESTS
@ -150,6 +150,7 @@ TESTS += test/pacman/tests/replace102.py
 TESTS += test/pacman/tests/replace103.py
 TESTS += test/pacman/tests/replace104.py
 TESTS += test/pacman/tests/replace110.py
+TESTS += test/pacman/tests/scriptlet-signal-reset.py
 TESTS += test/pacman/tests/scriptlet001.py
 TESTS += test/pacman/tests/scriptlet002.py
 TESTS += test/pacman/tests/sign001.py
--- a/test/pacman/tests/scriptlet-signal-reset.py
+++ b/test/pacman/tests/scriptlet-signal-reset.py
@ -0,0 +1,11 @@
+self.description = "Reset signals before running scriptlets/hooks"
+
+p1 = pmpkg("dummy")
+# check if SIGPIPE is ignored, it should be fatal, but GPGME ignores it
+p1.install['post_install'] = "kill -PIPE $$; echo fail > sigpipe_was_ignored"
+self.addpkg(p1)
+
+self.args = "-U %s" % p1.filename()
+
+self.addrule("PACMAN_RETCODE=0")
+self.addrule("!FILE_EXIST=sigpipe_was_ignored")