[stunnel-users] child process reaping

Michael Weiser michael at weiser.dinsnail.net
Tue Jan 29 11:21:33 CET 2013


Hello,

recent versions (4.47+ I think) of stunnel introduce the following code
in stunnel.c:

--- stunnel-4.46/src/stunnel.c  2011-11-03 10:06:59.000000000 +0100
+++ stunnel-4.54/src/stunnel.c  2012-08-18 23:11:53.000000000 +0200
[...]
     } else { /* inetd mode */
[...]
+        signal(SIGCHLD, SIG_IGN); /* ignore dead children */
+        signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */
+        client_main(alloc_client_session(&service_options, 0, 1));
     }
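Review bot: the signal(SIGCHLD, SIG_IGN) call added in the inetd-mode branch changes the disposition for the whole process right before client_main(), and nothing in this hunk sets it back, so a program started through the exec option inherits an ignored SIGCHLD and its own waitpid() calls fail. Suggest resetting with signal(SIGCHLD, SIG_DFL) in the child immediately before execvp(), and extending the "ignore dead children" comment to say that the setting must not leak into exec'd programs.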

In Linux, child processes seem to inherit their parent's SIGCHLD handler
setting. This means that all of stunnel's child processes will be unable
to wait for their children.

This causes the following uucp-over-stunnel setup I have:

CAfile = /etc/ssl/certs/cacert.pem
cert = /etc/ssl/certs/suucpcert.pem
key = /etc/ssl/private/suucpkey.unenc
verify = 2

service = suucp
exec = /usr/sbin/uucico
execargs = uucico -l

to fail horribly with messages such as this:

uucico weiser - (2013-01-29 01:25:15.33 3676) Call complete (6 seconds 21620 bytes 35103 bps)
uuxqt weiser root (2013-01-29 01:25:17.36 3677) Executing X.weiserSEQ1 (rbsmtp)
uuxqt weiser root (2013-01-29 01:25:17.96 3677) ERROR: waitpid: No child processes
uuxqt weiser root (2013-01-29 01:25:17.96 3677) Execution failed (X.weiserSEQ1)

Restoring SIGCHLD to SIG_DFL just before execvp()'ing the child as in
the attached patch seems to fix it.

I also attach a small test case for reproducing. It can be run like
this:

nc -l -p 12345 -e "stunnel sigchldtest.conf" 127.0.0.1 & openssl s_client -quiet -verify 0 -connect 127.0.0.1:12345

and should produce the following output:

child: 2654
child 2654 died

When automatic child reaping is active it will fail like this:

child: 2538
waitpid: No child processes

BTW: On Mac OS X, the SIGCHLD handler setting does not seem to be
inherited by children.
-- 
Thanks,
Micha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stunnel-4.54-child-reaping.patch
Type: text/x-diff
Size: 458 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130129/f318aab5/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sigchldtest.c
Type: text/x-c
Size: 420 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130129/f318aab5/attachment.bin>
-------------- next part --------------
cert = stunnel.pem
key = stunnel.pem
verify = 0

libwrap = no

exec = ./sigchldtest
execargs = sigchldtest
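
The inheritance problem and the SIG_DFL fix described in this message, modelled as an added C example (it is neither the scrubbed sigchldtest.c nor stunnel code). The names run_service() and service_body() are hypothetical, and the exec'd service program is simulated by a function called after fork() instead of a real execvp().

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the exec'd service program: spawn a helper
 * and wait for it. Returns 0 on success, otherwise waitpid()'s errno. */
static int service_body(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) _exit(0);               /* helper exits at once */
    return waitpid(pid, &status, 0) < 0 ? errno : 0;
}

/* Hypothetical launcher model: ignore SIGCHLD as the inetd-mode hunk does,
 * then fork the service child. With restore_default set, the child resets
 * SIGCHLD to SIG_DFL where real code would call execvp(). Returns what
 * service_body() saw, or -1 if the model itself failed. */
int run_service(int restore_default)
{
    int fds[2], result = -1;
    void (*old)(int);
    pid_t pid;
    if (pipe(fds) < 0) return -1;
    old = signal(SIGCHLD, SIG_IGN);
    pid = fork();
    if (pid == 0) {                       /* service child */
        if (restore_default) signal(SIGCHLD, SIG_DFL);
        result = service_body();
        _exit(write(fds[1], &result, sizeof result) == (ssize_t)sizeof result ? 0 : 1);
    }
    close(fds[1]);
    if (pid < 0 || read(fds[0], &result, sizeof result) != (ssize_t)sizeof result) result = -1;
    close(fds[0]);
    signal(SIGCHLD, old);                 /* put the caller's disposition back */
    if (pid > 0) waitpid(pid, NULL, 0);   /* may fail with ECHILD if auto-reaped */
    return result;
}

int main(void)
{
    int ignored = run_service(0), restored = run_service(1);
    printf("SIGCHLD ignored:  %s\n", ignored ? strerror(ignored) : "child reaped");
    printf("SIGCHLD restored: %s\n", restored ? strerror(restored) : "child reaped");
    return 0;
}
```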

