From 66c955bc8fa6fad4e77a836f76e2542165465e79 Mon Sep 17 00:00:00 2001 From: Johnothan King Date: Mon, 13 Jul 2020 11:10:23 -0700 Subject: [PATCH] Fix a fork bomb when vi is run from a script and sent Ctrl-Z (#73) This bug was reported on the old mailing list: https://www.mail-archive.com/ast-developers@lists.research.att.com/msg00207.html A fork bomb can occur when SIGTSTP is sent to the vi editor. Vi must be launched from a script run with exec (tested with BusyBox vi, nvi and vim): $ cat /tmp/foo vi /tmp/bar echo end $ ksh $ chmod +x /tmp/foo $ exec /tmp/foo While in vi, send SIGTSTP using Ctrl-Z src/cmd/ksh93/sh/fault.c: - Only fork after Ctrl-Z if job control is available. The patch used checks 'job.jobcontrol' instead of 'SH_MONITOR': https://git.centos.org/rpms/ksh/blob/c8/f/SOURCES/ksh-20120801-forkbomb.patch --- NEWS | 5 +++++ src/cmd/ksh93/include/version.h | 2 +- src/cmd/ksh93/sh/fault.c | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 347e68c97..5fedacce4 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,11 @@ For full details, see the git log at: https://github.com/ksh93/ksh Any uppercase BUG_* names are modernish shell bug IDs. +2020-07-13: + +- Fixed a fork bomb that could occur when the vi editor was sent SIGTSTP + while running in a ksh script. + 2020-07-10: - Fixed a bug that caused types created with 'typeset -T' to throw an error diff --git a/src/cmd/ksh93/include/version.h b/src/cmd/ksh93/include/version.h index ffc718534..6a0c7083d 100644 --- a/src/cmd/ksh93/include/version.h +++ b/src/cmd/ksh93/include/version.h @@ -17,4 +17,4 @@ * David Korn * * * ***********************************************************************/ -#define SH_RELEASE "93u+m 2020-07-10" +#define SH_RELEASE "93u+m 2020-07-13" diff --git a/src/cmd/ksh93/sh/fault.c b/src/cmd/ksh93/sh/fault.c index 30c536a7b..6c7919a28 100644 --- a/src/cmd/ksh93/sh/fault.c +++ b/src/cmd/ksh93/sh/fault.c @@ -519,7 +519,7 @@ void sh_exit(register int xno) if(pp && pp->mode>1) cursig = -1; #ifdef SIGTSTP - if(shp->trapnote&SH_SIGTSTP) + if((shp->trapnote&SH_SIGTSTP) && job.jobcontrol) { /* ^Z detected by the shell */ shp->trapnote = 0;