- dtucker@cvs.openbsd.org 2011/06/03 01:37:40

     [ssh-agent.c]
     Check current parent process ID against saved one to determine if the parent
     has exited, rather than attempting to send a zero signal, since the latter
     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
     Gillmor, ok djm@

2 files changed, 12 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 724bb4f1..2831c374 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,12 @@
      AT googlemail.com; ok dtucker@
      NB. includes additional portability code to enable setproctitle emulation
      on platforms that don't support it.
+   - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
+     [ssh-agent.c]
+     Check current parent process ID against saved one to determine if the parent
+     has exited, rather than attempting to send a zero signal, since the latter
+     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
+     Gillmor, ok djm@
 
 20110529
  - (djm) OpenBSD CVS Sync
diff --git a/ssh-agent.c b/ssh-agent.c
index ae204b14..b9498e6e 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1097,7 +1097,11 @@ cleanup_handler(int sig)
 static void
 check_parent_exists(void)
 {
-	if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
+	/*
+	 * If our parent has exited then getppid() will return (pid_t)1,
+	 * so testing for that should be safe.
+	 */
+	if (parent_pid != -1 && getppid() != parent_pid) {
 		/* printf("Parent has died - Authentication agent exiting.\n"); */
 		cleanup_socket();
 		_exit(2);