Bug 17144 - syslog is not thread-safe if NO_SIGPIPE is not defined
Summary: syslog is not thread-safe if NO_SIGPIPE is not defined
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: 2.34
Assignee: Adhemerval Zanella
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-12 00:13 UTC by Rich Felker
Modified: 2021-04-15 15:00 UTC (History)
3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rich Felker 2014-07-12 00:13:37 UTC
The Linux wrapper for misc/syslog.c defines NO_SIGPIPE and defines send_flags to MSG_NOSIGNAL so that SIGPIPE suppression is not needed. However if this file is ever used for non-Linux systems, the SIGPIPE suppression it does via sigaction is non-conforming to the POSIX requirement that syslog be thread-safe.

MSG_NOSIGNAL was added to POSIX in the 2008 edition, so I think the Linux-specific syslog.c should just be removed and instead the generic file should either assume MSG_NOSIGNAL is available, or check for it directly with #ifdef and have a thread-safe fallback if it's not defined. The thread-safe fallback is easy:

1. Block SIGPIPE with the signal mask.
2. Perform the operation that might raise SIGPIPE.
3. Clear any pending SIGPIPE with sigtimedwait and a zero timeout.
4. Unblock SIGPIPE.

However I doubt it's needed. The offending code should probably just be removed.
Comment 1 Adhemerval Zanella 2021-04-15 15:00:02 UTC
Fixed on 2.34.