BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-25:06.daemon

10 April, 2025 by errata-notices@freebsd.org | freebsd 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-25:06.daemon                                         Errata Notice
                                                          The FreeBSD Project

Topic:          daemon(8) missing signals

Category:       core
Module:         daemon
Announced:      2025-04-10
Affects:        FreeBSD 14.2 and FreeBSD 13.4
Corrected:      2024-12-10 23:05:46 UTC (stable/14, 14.2-STABLE)
                2025-04-10 14:57:41 UTC (releng/14.2, 14.2-RELEASE-p3)
                2024-12-10 23:06:11 UTC (stable/13, 13.4-STABLE)
                2025-04-10 14:59:37 UTC (releng/13.4, 13.4-RELEASE-p5)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

daemon(8) can be sent some signals to control its behavior: SIGHUP to re-open
its output file, or SIGTERM to cleanly terminate the child and shutdown.

II.  Problem Description

Following a change to use kqueue(2) to manage signals, daemon(8) would lose
signal events that occur while it waits to restart the supervised process.

III. Impact

The most notable impact is that daemon(8) may hang if a SIGTERM is sent to it
after the child has gone away, and before it is restarted.

Note that FreeBSD 13.5 is not affected.  FreeBSD 13.5-PRERELEASE and later
builds of stable/13 include the fix.

IV.  Workaround

No workaround is available.  daemon(8) invocations that do not use -r are not
affected, with a larger -R argument being specified making it more likely to
hit the problematic window.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and restart any daemon(8)
processes that may be affected or reboot the system.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-25:06/daemonpatch
# fetch https://security.FreeBSD.org/patches/EN-25:06/daemonpatch.asc
# gpg --verify daemon.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart the applicable daemons, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/14/                              7ea2874eadf9    stable/14-n269895
releng/14.2/                            4651d400f100  releng/14.2-n269521
stable/13/                              4bb1a558a281    stable/13-n258848
releng/13.4/                            a1f4a530dea3  releng/13.4-n258282
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id'7959>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:06.daemon.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmf38DgACgkQbljekB8A
Gu97DRAAgNI+V5TOsP2a9hiQgQ5B1Za6gc28a0mFlhbl6CQn2CdaOrTGFMGXEHVv
+vXXwewBS8N1+fUloDiC6oLi7N9mwt8sI4U3jSnNc1LZhXBDohM0Pv67AOr7GfDp
i+rkYJeGV4uVPKaHbnxWo1LTO+/oJH8N4b4kvIlyzv+C3TRNi3aFarcA+dnw7woK
xL1qTk7uCcgvUn9zh6xlvGKHK605WqwQ3HcBv6sfghGzBdfhkArkMg45ww0z7Xoy
1viVwrdZOIFWMKngPaRypPonp1UZmEOCIT5UzkZv8u2vctJufZEF3mWwQHLYxZg4
1wSTF0YgwrLBsdkLveU9YLG1YWDFIs3XhfMT3ES6PXvNLfDSKH6xrnjcdeki4wtN
wapUu+cKAmB9Itpa7jbyY3pgvqOhmCEprxZ8fAxB55iGIsuWx2jY70j0n6Dko5Z+
AAxdIz6WmCakzpUC5q+cX0A3v33qtPZvzR3iH3ZTYsTYp7B/oKRZ6kW4snTaM/Id
5yI+4vZdVxfWEKWo3b+JWQEi/qRdZpnaRuBK9g7bCEPPv69dVpXfI1hXnczdZrQn
etdF21cnVyWt5brcpDBTk+0s1a2OA7kDqp1sQ/cTgoBEdVW317UDu+esgVzXkQmu
LpPBTXqnBUNhlwiL//APijkcd1iV53RUR3ylL/tC6j04nrURFxEdCo
-----END PGP SIGNATURE-----