Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Jul 2018 11:17:56 -0400
From: Rich Felker <dalias@...c.org>
To: Florian Weimer <fweimer@...hat.com>
Cc: musl@...ts.openwall.com
Subject: Re: arc4random/csprng

On Tue, Jul 03, 2018 at 05:08:21PM +0200, Florian Weimer wrote:
> On 07/03/2018 04:47 PM, Rich Felker wrote:
> 
> >>The main lock (for non-current kernels) is needed for the fork
> >>detection counters.  Fork detection is required for compatibility
> >>with applications which call clone/fork system calls directly, so
> >
> >How do you consider this supported usage at all? The tid in the TCB
> >will be invalid after such a call, and other things may be broken too.
> 
> Right, robust mutexes are quite broken by this.

Not just robust. Due to tid reuse, if a single-threaded parent
bypasses libc to fork, then exits, the tid that was copied into the
child's TCB could get reused for a new thread in the child, thereby
allowing two threads to lock the same recursive mutex at the same
time. Lots of other versions of this are possible too whenever
TCB->tid has a value that's not reserved against reuse.

> But it's still quite common to do things with direct system calls,
> particularly for setting up containers.
> 
> I have not yet found a case which I couldn't solve with plain fork
> (with handlers) and unshare, but that's not what everyone does
> unfortunately.

I agree you might need direct use of clone sometime for
namespace/container stuff, but I don't think there's any way it can be
made safe without careful consideration of what you do after the
operation before a subsequent execve or _exit. I don't think it makes
sense to design big machinery to support doing something that has
deeper reasons it can't work, but this is probably partly a difference
in philosophy between glibc and musl (see also: dlclose, lazy dtls,
lazy tlsdesc, ...).

Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.