From: Szabolcs Nagy <nsz@port70.net>
To: musl@lists.openwall.com
Subject: Re: abort() fails to terminate PID 1 process
Date: Mon, 20 Jun 2016 12:04:43 +0200 [thread overview]
Message-ID: <20160620100443.GV22574@port70.net> (raw)
In-Reply-To: <alpine.LRH.2.20.1606201057530.32674@s1.palsenberg.com>
* Igmar Palsenberg <igmar@palsenberg.com> [2016-06-20 11:02:15 +0200]:
> > #include <stdlib.h>
> > int main ()
> > {
> > abort();
> > }
> >
> > with "unshare --fork --pid" so that it runs as PID 1 in it's own PID
> > namespace.
> >
> > Would it be reasonable to add a fallback strategy in abort() for terminating
> > processes when the signals don't have any effect?
>
> This is a bad idea.
>
> First, processes kan install handlers, which might
> instruct the kernel to ignore the signal. SIGABORT can be ignored. I don't
abort() should terminate the process even if SIGABRT is ignored.
> expect my process to be SIGILL'ed next because of this (which, can also be
> ignored).
> Libc should NOT mess with these kind of things, that's up to the
> application.
the glibc fallbacks are
change signal mask and set default handling for SIGABRT
raise(SIGABRT);
"abort instruction" (segfault, sigtrap or sigill depending on target)
_exit(127);
infinite loop
http://sourceware.org/git/?p=glibc.git;a=blob;f=stdlib/abort.c;h=155d70b0647e848f1d40fc0e3b15a2914d7145c0;hb=HEAD
on x86 glibc, pid 1 would terminate with SIGSEGV
(unless there is a segfault handler).
the musl logic is explained in
http://git.musl-libc.org/cgit/musl/commit/?id=2557d0ba47286ed3e868f8ddc9dbed0942fe99dc
neither of them is correct because it is not possible to
exit with the right status in general.
SIGKILL can only be ignored by pid 1 whose exit status is
not supposed to be observable so musl may want to have a
fallback after it since the pid namespace thing is nowadays
widely abused on linux.
>
> Second the behaviour you're seeing is due to the kernel's special PID 1
> handling : It ignores signals send to pid 1 for which an explicit handler
> has nog been installed.
>
> Remedy : Fix your application. Better : Fix your whole setup, if you need
> these changes, it's broken by design.
>
>
>
> Igmar
next prev parent reply other threads:[~2016-06-20 10:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-18 20:32 Karl Böhlmark
2016-06-19 1:20 ` nathan
2016-06-20 9:02 ` Igmar Palsenberg
2016-06-20 10:04 ` Szabolcs Nagy [this message]
2016-06-20 12:00 ` Igmar Palsenberg
2016-06-20 19:41 ` Rich Felker
2016-07-03 10:43 ` Igmar Palsenberg
2016-07-03 13:58 ` Rich Felker
2016-07-03 19:58 ` Laurent Bercot
2016-07-03 20:01 ` Rich Felker
2016-07-03 20:20 ` Laurent Bercot
2016-07-03 20:24 ` Rich Felker
2016-07-04 13:38 ` Igmar Palsenberg
2016-07-04 13:37 ` Igmar Palsenberg
2016-07-05 3:07 ` Rich Felker
2016-07-30 21:24 ` Igmar Palsenberg
2016-06-20 10:29 ` Natanael Copa
2016-07-03 22:03 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160620100443.GV22574@port70.net \
--to=nsz@port70.net \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).