From: Igmar Palsenberg <igmar@palsenberg.com>
To: musl@lists.openwall.com
Subject: Re: abort() fails to terminate PID 1 process
Date: Mon, 4 Jul 2016 15:37:35 +0200 (CEST) [thread overview]
Message-ID: <alpine.LRH.2.20.1607041531310.30017@s1.palsenberg.com> (raw)
In-Reply-To: <20160703135846.GF15995@brightrain.aerifal.cx>
> Whether you realize it or not, what you're saying is equivalent to
> saying that it's UB for a process that runs as pid 1 to call abort().
> There is no basis for such a claim.
>
> A vague "pid 1 is special" rule (which the standard does not support
> except in a few very specific places where an implementation-defined
> set of processes are permitted to be treated in specific special ways)
> does not imply "calling a function whose behavior is well-defined can
> legitimately lead to runaway code execution if the pid is 1".
But doesn't "bevavior is well-defined" also imply that that function
behaves as it should ? If it doesn't, doesn't the "well-defined" no longer
apply ? I call it UB in this case.
The standard also says a process can't ignore a SIGKILL, but on pid 1, it
has no effect. I pretty much call that UB myself.
> > Can this even be reproduced under normal circumstances (aka : not pid 1) ?
> > If thes, then I agree : It's a bug. If no : Then not. If people have a
> > broken container init system, then it breaks and they keep the pieces.
>
> Yes.
It it can be reproducted when not pid 1, then agree, it's a bug.
> > > > Well, normally abort() does some signal magic, and then raises again.
> > > > Which is what POSIX mandates I think.
> > >
> > > To make this work reliably I think we need to make abort() take a lock
> > > the precludes further calls to sigaction prior to re-raising SIGABRT
> > > and resetting the disposition. But there are all sorts of
> > > complications to deal with. For example if another thread performs
> > > posix_spawn for fork and exec concurrent with abort() munging the
> > > disposition of SIGABRT, the child process could start with the wrong
> > > disposition for SIGABRT, which would be non-conforming. Finding ways
> > > to fix all places where the wrong behavior may be observable is a
> > > nontrivial problem.
> >
> > Does the whole guaranteed termination also includes threaded programs ?
>
> Of course. The fact that you're asking such basic questions tells me
> that you're bikeshedding this based on negative opinions of certain
> container usage cases and not offering constructive input based on
> what the specification actually requires.
I've seen this different in practice, that why I'm asking. I never
debugged that one issue, it just "disappared" at a certain point, which I
could never reproduce afterwards.
I'm not bikeshedding container usage, I'm just seeing broken implementation in the
wild (which do get rapidly fixed usually).
Igmar
next prev parent reply other threads:[~2016-07-04 13:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-18 20:32 Karl Böhlmark
2016-06-19 1:20 ` nathan
2016-06-20 9:02 ` Igmar Palsenberg
2016-06-20 10:04 ` Szabolcs Nagy
2016-06-20 12:00 ` Igmar Palsenberg
2016-06-20 19:41 ` Rich Felker
2016-07-03 10:43 ` Igmar Palsenberg
2016-07-03 13:58 ` Rich Felker
2016-07-03 19:58 ` Laurent Bercot
2016-07-03 20:01 ` Rich Felker
2016-07-03 20:20 ` Laurent Bercot
2016-07-03 20:24 ` Rich Felker
2016-07-04 13:38 ` Igmar Palsenberg
2016-07-04 13:37 ` Igmar Palsenberg [this message]
2016-07-05 3:07 ` Rich Felker
2016-07-30 21:24 ` Igmar Palsenberg
2016-06-20 10:29 ` Natanael Copa
2016-07-03 22:03 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.20.1607041531310.30017@s1.palsenberg.com \
--to=igmar@palsenberg.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).