Date: Mon, 24 May 2021 16:33:30 -0400 From: Rich Felker <dalias@...c.org> To: Alexey Izbyshev <izbyshev@...ras.ru> Cc: musl@...ts.openwall.com Subject: Re: Potentially infinite loop in posix_spawn'ed child On Mon, May 24, 2021 at 01:09:21PM +0300, Alexey Izbyshev wrote: > Hi, > > I've noticed the following loop at https://git.musl-libc.org/cgit/musl/tree/src/process/posix_spawn.c#n159: > > exec(args->path, args->argv, args->envp); > ret = -errno; > > fail: > /* Since sizeof errno < PIPE_BUF, the write is atomic. */ > ret = -ret; > if (ret) while (__syscall(SYS_write, p, &ret, sizeof ret) < 0); > _exit(127); > > Is there any reason that write is done in a loop? If SIGPIPE is > blocked or ignored and the parent dies before this point, the child > will spin in it forever. I suppose the special case of EPIPE should be considered here as no need to inform the parent. Are there any other errors that should be treated specially? > A test case is attached. It overrides execve() to abuse it as a > callback, avoiding reliance on timings. As noted that's undefined but it's completely reasonable as a way to do the testing. Using seccomp to make the parent die might be slightly less hackish but it doesn't matter. Thanks for the report. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.