Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Oct 2017 02:11:35 +0200
From: Petr Skocik <pskocik@...il.com>
To: musl@...ts.openwall.com
Subject: Re: musl 1.1.17 released

Hi.
Since posix_spawn is being discussed, I'd like to report a what I think is
a bug in the current implementation:
Since the child is unmasking its signals only after it's performed its file
actions, the process may get blocked indefinitely (e.g., on a FIFO
open) while being unresponsive to signals.

Example program (with close to no error checking):


#define _GNU_SOURCE
#include <unistd.h>
#include <spawn.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
int main()
{
pid_t pid;
mkfifo("fifo", 0640);
posix_spawn_file_actions_t fa;
posix_spawn_file_actions_init(&fa);
posix_spawn_file_actions_addopen(&fa, 0, "fifo", O_RDONLY, 0);
posix_spawnp(&pid, "tr", &fa, 0, (char *const[]){ "tr", "a-z", "A-Z", 0},
environ);

        //will get stuck here

}


It  think the pthread_mask call should be moved above the file actions,
which fixes this problem.

Additionally, as far as extensions to the current POSIX standard are
concerned, adding the herein (http://austingroupbugs.net/view.php?id=411)
proposed change to *adddup2 semantics (clearing the FD_CLOEXEC flag on the
 (given target in dup2 file actions where the source and target
filedescriptor are identical) would be super nice (the reasoning for it
should be in the link).

Finally, I noticed the error passing code can be reduced to a simple write
to a volatile int made from the child (purely cosmetic).

Attached are patches for these 3 things in case you wanted them. (I hope
I'm not doing something stupid.)

Best regards and thanks for the project!

On Thu, Oct 19, 2017 at 10:13 PM, Rich Felker <dalias@...c.org> wrote:

> *** Due to at least one fairly serious security bug, all users should
> upgrade or patch. ***
>
>
> This release fixes numerous bugs affecting visible behavior and
> safety/internal consistency, including a stack-based buffer overflow
> in dns parsing and multiple sources of invalid memory accesses that
> may lead to crashes. See the release notes in WHATSNEW for details.
>
> Many new features have also been added, including deferred symbol
> binding in the dynamic linker (RTLD_LAZY emulation), an option to
> overrid argv[0] when running ldso to execute a program, support for
> starting new sessions via posix_spawn (POSIX_SPAWN_SETSID, accepted
> for standardization), and ability to query the active thread-local
> locale (via _NL_LOCALE_NAME extension). Improvements in compatibility
> with applications, build tools, and platforms have also been made.
>
> https://www.musl-libc.org/releases/musl-1.1.17.tar.gz
> https://www.musl-libc.org/releases/musl-1.1.17.tar.gz.asc
>
> Special thanks to musl's release sponsors (patreon.com/musl):
>
> * Justin Cormack
> * Jevin Sweval
> * Les Aker
> * Neal Gompa
> * Hurricane Labs (hurricanelabs.com)
> * The Midipix Project (midipix.org)
>

Content of type "text/html" skipped

View attachment "0001-simplify-posix_spawn-by-avoiding-the-error-pipe.patch" of type "text/x-patch" (3161 bytes)

View attachment "0002-make-addup2-remove-FD_CLOEXEC-if-the-descriptors-are.patch" of type "text/x-patch" (2337 bytes)

View attachment "0003-posix_spawn-unmask-signals-before-potentially-long-b.patch" of type "text/x-patch" (1925 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.