Detect death of parent process from `setuid` process

Question

I write C application that calls fork() to create child processes. The application runs as root. In the parent process, I use wait() for waiting terminated child processes. In child processes, I use prctl() with PR_SET_PDEATHSIG option to detect the death of the parent. It works fine. To reduce the risk of security issues, child processes call setuid() to change UID. The problem is: child processes can not detect the death of the parent one any more.

I have searched around to find the answer and found some useful links, but it does not help:

• Detect death of parent process
• Enforcing process hierarchies (prctl related) : although this link contains a clear answer, there is no solution.

How to do that correctly?

Answer 1

I just stumbled upon the same issue, the kernel resets the PDEATH signal on credential change:

https://github.com/torvalds/linux/blob/master/kernel/cred.c#L450

This can be verified with the following code and strace -f:

#include <sys/prctl.h>
#include <unistd.h>
#include <signal.h>

int main(int argc, char *argv[])
{
        if (fork() == 0) {
                // This works as expected
                setgid(1000);                                                                                                                                                                                       
                setuid(1000);

                prctl(PR_SET_PDEATHSIG, SIGTERM);

                // This doesn't work since pdeath_signal will be reset
                // setgid(1000);
                // setuid(1000);

                pause();
        }
        sleep(1);
        kill(getpid(), SIGTERM);
        return (0);
}