pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM

2019-03-22 16:31:06 +01:00 · 2019-03-22 16:31:06 +01:00 · 7a8b1e663f
parent 01fe006f8b
commit 7a8b1e663f
2 changed files with 91 additions and 1 deletions
--- a/polkit.spec
+++ b/polkit.spec
@ -6,7 +6,7 @@
 Summary: An authorization framework
 Name: polkit
 Version: 0.115
-Release: 4.3%{?dist}
+Release: 4.4%{?dist}
 License: LGPLv2+
 URL: http://www.freedesktop.org/wiki/Software/polkit
 Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
@ -19,6 +19,7 @@ Patch3: bus-conn-msg-ssh.patch
 Patch4: CVE-2018-19788.patch
 Patch5: start_time-reuse-exploit.patch
 Patch6: Allow-uid-of-1-for-a-PolkitUnixProcess.patch
+Patch7: tty-echo-disabled-on-sigint.patch


 BuildRequires: gcc-c++
@ -187,6 +188,9 @@ exit 0
 %{_libdir}/girepository-1.0/*.typelib

 %changelog
+* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-4.4
+- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
+
 * Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-4.3
 - Allow pid=-1 for PolkitUnixProcess to prevent 'critical'

--- a/tty-echo-disabled-on-sigint.patch
+++ b/tty-echo-disabled-on-sigint.patch
@ -0,0 +1,86 @@
+diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
+index 3f324b8..3c8d502 100644
+--- a/src/programs/pkttyagent.c
+++ b/src/programs/pkttyagent.c
+@@ -25,11 +25,44 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+#include <signal.h>
+#include <termios.h>
+ #include <glib/gi18n.h>
+ #include <polkit/polkit.h>
+ #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+ #include <polkitagent/polkitagent.h>
+ 
+
+static volatile sig_atomic_t tty_flags_saved;
+struct termios ts;
+FILE *tty = NULL;
+struct sigaction savesigterm, savesigint, savesigtstp;
+
+
+static void tty_handler(int signal)
+{
+  switch (signal)
+  {
+    case SIGTERM:
+      sigaction (SIGTERM, &savesigterm, NULL);
+      break;
+    case SIGINT:
+      sigaction (SIGINT, &savesigint, NULL);
+      break;
+    case SIGTSTP:
+      sigaction (SIGTSTP, &savesigtstp, NULL);
+      break;
+  }
+
+  if (tty_flags_saved)
+  {
+    tcsetattr (fileno (tty), TCSAFLUSH, &ts);
+  }
+
+  kill(getpid(), signal);
+}
+
+
+ int
+ main (int argc, char *argv[])
+ {
+@@ -74,6 +107,8 @@ main (int argc, char *argv[])
+   GMainLoop *loop = NULL;
+   guint ret = 126;
+   GVariantBuilder builder;
+  struct sigaction sa;
+  const char *tty_name = NULL;
+ 
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+@@ -212,6 +247,27 @@ main (int argc, char *argv[])
+         }
+     }
+ 
+/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(),
+   but due to threading the handlers cannot take care of the signal there.
+   Though if controlling terminal cannot be found, the world won't stop spinning.
+*/
+  tty_name = ctermid(NULL);
+  if (tty_name != NULL)
+  {
+    tty = fopen(tty_name, "r+");
+  }
+
+  if (tty != NULL && !tcgetattr (fileno (tty), &ts))
+  {
+	  tty_flags_saved = TRUE;
+  }
+
+  memset (&sa, 0, sizeof (sa));
+  sa.sa_handler = &tty_handler;
+  sigaction (SIGTERM, &sa, &savesigterm);
+  sigaction (SIGINT, &sa, &savesigint);
+  sigaction (SIGTSTP, &sa, &savesigtstp);
+
+   loop = g_main_loop_new (NULL, FALSE);
+   g_main_loop_run (loop);
+