From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: [musl] Restrictions on child context after multithreaded fork
Date: Sat, 15 Aug 2020 21:27:00 -0400 [thread overview]
Message-ID: <20200816012700.GV3265@brightrain.aerifal.cx> (raw)
In-Reply-To: <20200815162547.GU3265@brightrain.aerifal.cx>
On Sat, Aug 15, 2020 at 12:25:47PM -0400, Rich Felker wrote:
> On Sat, Aug 15, 2020 at 01:51:00PM +0200, Natanael Copa wrote:
> > xfce4-terminal was more or less completely useless so I had to add a workaround for it in two patches:
> >
> > First uncover a useless setenv. Even the comment in the code says that it has no effect:
> > https://git.alpinelinux.org/aports/commit/community/vte3?id=ad687b01b2a5fa9d53fcd9d0ee3743882f3542b4
> >
> > In the second patch I use some of the hunks in the upstream and replace malloc with alloca:
> > https://git.alpinelinux.org/aports/commit/community/vte3?id=161434fcb87807dae40dffdd332db1624b747bc7
> >
> > After that xfce4-terminal becomes useable again.
>
> I'm not sure whether the alloca is safe. The parent could just do this
> allocation *before fork* rather than waiting til the last minute to do
> it. The data does not change between fork and exec. Note that the glib
> fix cited above did this right.
>
> The hardcoded fallback for fd limit seems like a bad idea, and I don't
> think I understand your fallback sequence. It looks like RLIM_INFINITY
> gets reinterpreted as 4096. I'm not sure how it should be interpreted;
> in principle, probably as INT_MAX+1U. This is again exposing how the
> whole "close-all" idiom is horribly wrong and these libraries should
> just be documenting that you must use O_CLOEXEC correctly if you don't
> want them to leak file descriptors.
Fortunately it looks like Linux doesn't let you set RLIM_INFINITY for
RLIM_NOFILE. The value of the rlimit is limited by sysctl fs.nr_open,
and fs.nr_open is limited between sysctl_nr_open_min (==BITS_PER_LONG)
and sysctl_nr_open_max. The latter is INT_MAX/8*8 on 64-bit archs, and
SIZE_MAX/16*4 on 32-bit archs. But in any case, on Linux, you can rely
on sysctl(_SC_OPEN_MAX) to give an actual meaningful number that fits
in the range of long, not -1/unlimited, and thus the invalid fallback
case is never hit.
Rich
next prev parent reply other threads:[~2020-08-16 1:27 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-14 21:41 Rich Felker
2020-08-14 22:02 ` Florian Weimer
2020-08-14 22:14 ` Rich Felker
2020-08-15 0:47 ` A. Wilcox
2020-08-15 2:40 ` Rich Felker
2020-08-15 2:07 ` Ariadne Conill
2020-08-15 3:02 ` Rich Felker
2020-08-15 6:51 ` Timo Teras
2020-08-15 11:51 ` Natanael Copa
2020-08-15 16:25 ` Rich Felker
2020-08-16 1:27 ` Rich Felker [this message]
2020-08-16 12:48 ` Natanael Copa
2020-08-16 3:57 ` Rich Felker
2020-08-16 9:10 ` Florian Weimer
2020-08-16 16:56 ` Rich Felker
2020-08-16 17:11 ` Florian Weimer
2020-08-16 18:33 ` Rich Felker
2020-08-16 7:05 ` Pirmin Walthert
2020-08-16 16:55 ` Rich Felker
2020-09-30 18:38 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200816012700.GV3265@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).