This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On 17 May 2015 16:02, Geoffrey Thomas wrote:
> If grantpt() is called from a thread that is masking signals (for
> instance, from a program using signalfd or using a dedicated
> signal-handling thread), then that mask will get inherited to pt_chown.
> This means that signals like SIGINT will not interrupt grantpt(), so if it
> hangs (e.g., because getgrnam("tty") hangs on a remote name service),
> Ctrl-C will terminate the parent process but leave grantpt() around. Since
> it's setuid, it's hard to kill any other way.

recent systems (for years now) should be mounting /dev/pts which means pt_chown isn't needed at all. are you using an old distro ? or is your glibc misconfigured ?

considering /dev/pts has been in all the kernel versions we now require, maybe we should drop support for pt_chown on at least Linux ? make it a hard failure if you try to enable it there.

also, the code needs to be audited to make sure that sending arbitrary signals can't be abused to make it skip security checks or leave things in a bad state. rather than unmask all, it might want to unmask one and make sure that one results in its immediate death.

> + /* Clear any signal mask from the parent process. */
> + sigemptyset(&sigset);
> + sigprocmask(SIG_SETMASK, &sigset, NULL);

GNU style says to put a space before the (

-mike
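
Review bot: the return values of `sigemptyset` and `sigprocmask` are ignored in the added lines, so a failed mask reset would go unnoticed and the helper would carry on with the inherited mask; check the `sigprocmask` result and exit on failure. `SIG_SETMASK` with an empty set also unblocks every signal at once; if only termination has to get through, `SIG_UNBLOCK` with a set holding just that signal is narrower. The comment could also say why the mask is cleared (so a hung helper stays killable), not only that it is.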