From: Rich Felker <dalias@libc.org>
To: Joshua Hudson <joshudson@gmail.com>
Cc: musl <musl@lists.openwall.com>
Subject: Re: Re: Hangup calling setuid() from vfork() child
Date: Mon, 30 Sep 2019 18:47:53 -0400 [thread overview]
Message-ID: <20190930224753.GX9017@brightrain.aerifal.cx> (raw)
In-Reply-To: <CA+jjjYTQ1cnHeHr2PFMPSvUiAKy3wAQ98fA5JvXsJoPnS_v60w@mail.gmail.com>
On Mon, Sep 30, 2019 at 01:45:07PM -0700, Joshua Hudson wrote:
> > Basically, the vfork() child is in an invalid state and this cannot be repaired without damaging the parent.
>
> Works on glibc just fine.
>
> setuid() is on the list of signal-safe functions.
AS-safety is not sufficient to make usage after vfork valid.
> http://man7.org/linux/man-pages/man7/signal-safety.7.html
>
> How about you call getpid() and check if you're on the process you
> think you're on before calling __synccall?
That could be done, but has ABA issues, and it's just the first step
of a game of whack-a-mole and gives a false hope that things that
can't work might work.
> Somebody else might have done syscall(SYS_fork).
Bypassing the fork function to fork by yourself yields a state where
you can't use libc. There will be lots of things broken. Thread's idea
of its own tid is wrong, robust list wrongly registers ownership of
mutexes you don't own, etc.
Presently the clone() function has issues like this too. They should
be analyzed and addressed at some point.
> > So you might want to enable memory overcommit.
>
> I'm tired of paying the page fault penalty in the parent. It has a
> majority of system RAM, and most of the pages are CoW long after the
> vfork child hits execve.
If at all possible, use posix_spawn. It solves this problem cleanly.
Rich
next prev parent reply other threads:[~2019-09-30 22:47 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-30 20:45 Joshua Hudson
2019-09-30 22:47 ` Rich Felker [this message]
2019-10-01 5:54 ` Florian Weimer
2019-10-01 9:29 ` Szabolcs Nagy
2019-10-01 11:44 ` Rich Felker
-- strict thread matches above, loose matches on Subject: below --
2019-09-30 19:57 Joshua Hudson
2019-09-30 20:24 ` Markus Wichmann
2019-09-30 20:27 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190930224753.GX9017@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=joshudson@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).