Bug 17144

Summary: syslog is not thread-safe if NO_SIGPIPE is not defined
Product: glibc Reporter: Rich Felker <bugdal>
Component: libcAssignee: Not yet assigned to anyone <unassigned>
Status: NEW ---    
Severity: normal CC: drepper.fsp, fweimer
Priority: P2 Flags: fweimer: security-
Version: unspecified   
Target Milestone: ---   
Host: Target:
Build: Last reconfirmed:

Description Rich Felker 2014-07-12 00:13:37 UTC
The Linux wrapper for misc/syslog.c defines NO_SIGPIPE and defines send_flags to MSG_NOSIGNAL so that SIGPIPE suppression is not needed. However if this file is ever used for non-Linux systems, the SIGPIPE suppression it does via sigaction is non-conforming to the POSIX requirement that syslog be thread-safe.

MSG_NOSIGNAL was added to POSIX in the 2008 edition, so I think the Linux-specific syslog.c should just be removed and instead the generic file should either assume MSG_NOSIGNAL is available, or check for it directly with #ifdef and have a thread-safe fallback if it's not defined. The thread-safe fallback is easy:

1. Block SIGPIPE with the signal mask.
2. Perform the operation that might raise SIGPIPE.
3. Clear any pending SIGPIPE with sigtimedwait and a zero timeout.
4. Unblock SIGPIPE.

However I doubt it's needed. The offending code should probably just be removed.