From 51ec73cbd922a76fc0f60e1d8d33acd7caa5d587 Mon Sep 17 00:00:00 2001
From: Julian Brost <julian.brost@icinga.com>
Date: Fri, 1 Aug 2025 11:27:48 +0200
Subject: [PATCH] Send signals as Icinga user in safe-reload and logrotate

In contrast to the regular `kill` binary, `icinga2 internal signal` drops
permissions before sending the signal. This is important as the PID file can be
written by the Icinga user, dropping the permissions prevents that user from
using this to send signals to processes it is not supposed to signal.

SIGUSR1 wasn't among the list of signals supported by `icinga2 internal
signal`, so it is added there.
---
 etc/initsystem/safe-reload.cmake  | 2 +-
 etc/logrotate.d/icinga2.cmake     | 2 +-
 lib/cli/internalsignalcommand.cpp | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/etc/initsystem/safe-reload.cmake b/etc/initsystem/safe-reload.cmake
index 0cba415d0..6bcf6c00f 100644
--- a/etc/initsystem/safe-reload.cmake
+++ b/etc/initsystem/safe-reload.cmake
@@ -43,7 +43,7 @@ if [ ! -e "$ICINGA2_PID_FILE" ]; then
 fi
 
 pid=`cat "$ICINGA2_PID_FILE"`
-if ! kill -HUP "$pid" >/dev/null 2>&1; then
+if ! "$DAEMON" internal signal --sig SIGHUP --pid "$pid" >/dev/null 2>&1; then
 	echo "Error: Icinga not running"
 	exit 7
 fi
diff --git a/etc/logrotate.d/icinga2.cmake b/etc/logrotate.d/icinga2.cmake
index f0a9e59ae..a635301ae 100644
--- a/etc/logrotate.d/icinga2.cmake
+++ b/etc/logrotate.d/icinga2.cmake
@@ -6,7 +6,7 @@
 	missingok
 	notifempty@LOGROTATE_CREATE@
 	postrotate
-		/bin/kill -USR1 $(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null) 2> /dev/null || true
+		@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 internal signal --sig SIGUSR1 --pid "$(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null)" 2> /dev/null || true
 	endscript
 }
 
diff --git a/lib/cli/internalsignalcommand.cpp b/lib/cli/internalsignalcommand.cpp
index b98e6c621..201a5119c 100644
--- a/lib/cli/internalsignalcommand.cpp
+++ b/lib/cli/internalsignalcommand.cpp
@@ -57,6 +57,8 @@ int InternalSignalCommand::Run(const boost::program_options::variables_map& vm,
 		return kill(vm["pid"].as<int>(), SIGCHLD);
 	if (signal == "SIGHUP")
 		return kill(vm["pid"].as<int>(), SIGHUP);
+	if (signal == "SIGUSR1")
+		return kill(vm["pid"].as<int>(), SIGUSR1);
 
 	Log(LogCritical, "cli") << "Unsupported signal \"" << signal << "\"";
 #else