Date: Thu, 01 Oct 2020 17:11:19 +0200
From: Florian Weimer <fweimer@...hat.com>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com, Carlos O'Donell via Libc-alpha <libc-alpha@...rceware.org>
Subject: Re: Re: [PATCH] Make abort() AS-safe (Bug 26275).

* Rich Felker:

> On Thu, Oct 01, 2020 at 08:08:24AM +0200, Florian Weimer wrote:
>> * Rich Felker:
>>
>> > Even without fork, execve and posix_spawn can also see the SIGABRT
>> > disposition change made by abort(), passing it on to a process that
>> > should have started with a disposition of SIG_IGN if you hit exactly
>> > the wrong spot in the race.
>>
>> My feeling is that it's not worth bothering with this kind of leakage.
>> We've had this bug forever in glibc, and no one has complained about
>> it.
>>
>> Carlos is investigating removal of the abort lock from glibc, I think.
>
> I don't think that's a good solution. The lock is really important in
> that it protects against serious wrong behavior *within the process*
> like an application-installed signal handler for SIGABRT getting
> called more than once.

I think glibc currently has this bug. We only avoid it for abort, but
I'm not sure if it's a bug to handle the handler multiple times if
abort is called more than once.

But even for the more general case (threads call sigaction to install a
SIGABRT handler): Do we actually need a lock there? We reach this state
only after raise (SIGABRT) has returned. At this point, we can set a
flag (not a lock), and every other thread that calls signal or sigaction
would instead perform the late-stage SIG_DFL-for-SIGABRT part of abort?
It probably still needs some fiddling with sigprocmask.

Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill