Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Aug 2020 14:48:54 +0200
From: Natanael Copa <ncopa@...inelinux.org>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com
Subject: Re: Restrictions on child context after multithreaded fork

On Sat, 15 Aug 2020 21:27:00 -0400
Rich Felker <dalias@...c.org> wrote:

> On Sat, Aug 15, 2020 at 12:25:47PM -0400, Rich Felker wrote:
> > On Sat, Aug 15, 2020 at 01:51:00PM +0200, Natanael Copa wrote:  
> > > xfce4-terminal was more or less completely useless so I had to add a workaround for it in two patches:
> > > 
> > > First uncover a useless setenv. Even the comment in the code says that it has no effect:
> > > https://git.alpinelinux.org/aports/commit/community/vte3?id=ad687b01b2a5fa9d53fcd9d0ee3743882f3542b4
> > > 
> > > In the second patch I use some of the hunks in the upstream and replace malloc with alloca:
> > > https://git.alpinelinux.org/aports/commit/community/vte3?id=161434fcb87807dae40dffdd332db1624b747bc7
> > > 
> > > After that xfce4-terminal becomes useable again.  
> > 
> > I'm not sure whether the alloca is safe. The parent could just do this
> > allocation *before fork* rather than waiting til the last minute to do
> > it. The data does not change between fork and exec. Note that the glib
> > fix cited above did this right.

That's why I called it a workaround and not a fix. They did refactor
the code but didn't want to backport it.

> > 
> > The hardcoded fallback for fd limit seems like a bad idea, and I don't
> > think I understand your fallback sequence. It looks like RLIM_INFINITY
> > gets reinterpreted as 4096. I'm not sure how it should be interpreted;
> > in principle, probably as INT_MAX+1U. This is again exposing how the
> > whole "close-all" idiom is horribly wrong and these libraries should
> > just be documenting that you must use O_CLOEXEC correctly if you don't
> > want them to leak file descriptors.  
> 
> Fortunately it looks like Linux doesn't let you set RLIM_INFINITY for
> RLIM_NOFILE. The value of the rlimit is limited by sysctl fs.nr_open,
> and fs.nr_open is limited between sysctl_nr_open_min (==BITS_PER_LONG)
> and sysctl_nr_open_max. The latter is INT_MAX/8*8 on 64-bit archs, and
> SIZE_MAX/16*4 on 32-bit archs. But in any case, on Linux, you can rely
> on sysctl(_SC_OPEN_MAX) to give an actual meaningful number that fits
> in the range of long, not -1/unlimited, and thus the invalid fallback
> case is never hit.
> 
> Rich

I think you have good points. Would be good to forward those upstream:
https://gitlab.gnome.org/GNOME/vte/-/commit/ed78b9e2ec47675a9dccf045caca4d7a0b6c9fe8

-nc

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.