Index: trunk/include/sh_calls.h =================================================================== --- trunk/include/sh_calls.h (revision 316) +++ trunk/include/sh_calls.h (revision 317) @@ -40,5 +40,6 @@ #endif -int sh_calls_set_sub (const char * str); +void sh_calls_enable_sub(); +int sh_calls_set_sub (const char * str); long int retry_stat (const char * file, int line, @@ -46,4 +47,6 @@ long int retry_fstat(const char * file, int line, int filed, struct stat *buf); +long int retry_lstat_ns(const char * file, int line, + const char *file_name, struct stat *buf); long int retry_lstat(const char * file, int line, const char *file_name, struct stat *buf); Index: trunk/src/samhain.c =================================================================== --- trunk/src/samhain.c (revision 316) +++ trunk/src/samhain.c (revision 317) @@ -983,5 +983,9 @@ pid_t * pidlist; int i; - +#ifdef WCONTINUED + int wflags = WNOHANG|WUNTRACED|WCONTINUED; +#else + int wflags = WNOHANG|WUNTRACED; +#endif fullpath = strdup (SH_INSTALL_PATH); @@ -1030,5 +1034,5 @@ times = 0; while (times < 300) { - respid = waitpid(pid, &status, WNOHANG|WUNTRACED); + respid = waitpid(pid, &status, wflags); if ((pid_t)-1 == respid) { @@ -1473,4 +1477,6 @@ BREAKEXIT(sh_readconf_read); (void) sh_readconf_read (); + + sh_calls_enable_sub(); #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) Index: trunk/src/sh_calls.c =================================================================== --- trunk/src/sh_calls.c (revision 316) +++ trunk/src/sh_calls.c (revision 317) @@ -242,9 +242,52 @@ } +static int sh_enable_use_sub = 0; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +static int sh_use_sub = 1; +#else static int sh_use_sub = 0; +#endif + +void sh_calls_enable_sub() +{ + sh_enable_use_sub = 1; + return; +} int sh_calls_set_sub (const char * str) { - return sh_util_flagval(str, &sh_use_sub); + int ret = sh_util_flagval(str, &sh_use_sub); + + if ((ret == 0) && (!sh_use_sub)) + { + sh_kill_sub(); + } + return ret; +} + +long int retry_lstat_ns(const char * file, int line, + const char *file_name, struct stat *buf) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("retry_lstat_ns")); + + do { + val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + + error = errno; + if (val_retry < 0) { + (void) sh_error_message(error, aud_err_message, 64); + sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT, + sh_error_message(error, errbuf, sizeof(errbuf)), + file_name ); + } + errno = error; + + SL_RETURN(val_retry, _("retry_lstat_ns")); } @@ -258,5 +301,5 @@ SL_ENTER(_("retry_lstat")); - if (sh_use_sub) + if (sh_use_sub && sh_enable_use_sub) { val_retry = sh_sub_lstat (file_name, buf); @@ -290,5 +333,5 @@ SL_ENTER(_("retry_stat")); - if (sh_use_sub) + if (sh_use_sub && sh_enable_use_sub) { val_retry = sh_sub_stat (file_name, buf); Index: trunk/src/sh_suidchk.c =================================================================== --- trunk/src/sh_suidchk.c (revision 316) +++ trunk/src/sh_suidchk.c (revision 317) @@ -193,4 +193,7 @@ /* Recursively descend into the directory to make sure that * there is no symlink in the path. + * + * Use retry_lstat_ns() here because we cannot chdir the subprocess + * that does the lstat(). */ static int do_truncate_int (char * path, int depth) @@ -226,5 +229,5 @@ { *q = '\0'; - if (0 != retry_lstat(FIL__, __LINE__, path, &one)) + if (0 != retry_lstat_ns(FIL__, __LINE__, path, &one)) { SH_MUTEX_LOCK(mutex_thread_nolog); @@ -260,5 +263,5 @@ } *q = '/'; - if (0 != retry_lstat(FIL__, __LINE__, ".", &two)) + if (0 != retry_lstat_ns(FIL__, __LINE__, ".", &two)) { sh_error_handle ((-1), FIL__, __LINE__, errno, @@ -288,5 +291,5 @@ if (*path == '\0') return -1; - if (0 != retry_lstat(FIL__, __LINE__, path, &one)) + if (0 != retry_lstat_ns(FIL__, __LINE__, path, &one)) { SH_MUTEX_LOCK(mutex_thread_nolog);