This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] [BZ #18433] Check file access/existence before forking.

From: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
To: Zack Weinberg <zackw at panix dot com>, Florian Weimer <fweimer at redhat dot com>, navid Rahimi <rahimi dot nv at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 16 Sep 2015 09:35:00 +0100
Subject: Re: [PATCH] [BZ #18433] Check file access/existence before forking.
Authentication-results: sourceware.org; auth=none
References: <55F19819 dot 3010601 at gmail dot com> <ACDB9D4B-30B6-46C1-9286-5F03594CEACC at panix dot com> <CAOUBrm3oeUVDM-q4VFP08gjEkD2UFaz0Xfq1oGBW+m76rDRu+A at mail dot gmail dot com> <CAKCAbMiYkywWeSiJ5jkH7r8eYMSOWFmYDsjEN3k5ZaTPEeJGXw at mail dot gmail dot com> <55F29C54 dot 5010809 at redhat dot com> <CAKCAbMgoVi6MygLG+7Higntpvum+LC4Z5gBH7CgO+iiFvfCLTA at mail dot gmail dot com> <55F6D3F4 dot 3080703 at arm dot com> <20150915220207 dot GC20252 at vapier dot lan>

On 15/09/15 23:02, Mike Frysinger wrote:

On 14 Sep 2015 15:04, Szabolcs Nagy wrote:

On 11/09/15 22:01, Zack Weinberg wrote:

On Fri, Sep 11, 2015 at 5:18 AM, Florian Weimer wrote:

All in all I am inclined to say leave things as they are.  Nobody uses
posix_spawn if they can help it, anyway :)


We need to move people off fork and clone to posix_spawn.  If it is
missing functionality, we should add it.


... I honestly have no idea why you say that.  I am under the


because fork has issues

- spawn process from a large application (memory overcommit off)
    is unreliable with fork.
- using it from a multi-threaded application (so from a library)
    is hard, because the child has to be AS-safe.
- leaks sensitive information to the child (the sensitive info
    is often managed by a library and there is no way of safely
    clearing it on fork).
- pthread_atfork is broken, further limiting the applicability
    of fork in multi-threaded code (it cannot be implemented if
    fork has to be AS-safe and the interface contract of the
    callbacks are ill-defined).
- it has no simple implementation if the underlying platform has
    no fork syscall with the right semantics (posix on windows,
    nommu,...)


how does posix_spawn mangically fix these things ?  it still calls
fork internally, and the use of the vfork flag is non-portable.
-mike


the api is such that user code is not run with a copy of the
address space in the child so an implementation without fork
is possible (that's the point of this api).

an implementation with fork is not useful as you noted.

an implementation with vfork is problematic in c because
the compiler is free to clobber the stack of the parent.

it can be implemented with clone and CLONE_VM on linux.
(see the musl posix_spawn by Rich Felker) and that solves
the problems (of course the kinds of actions before exec
are limited by the api so it's not always useful/simple).

Follow-Ups:
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Zack Weinberg

References:
- [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Navid Rahimi
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Zack Weinberg
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: navid Rahimi
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Zack Weinberg
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Florian Weimer
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Zack Weinberg
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Szabolcs Nagy
- Re: [PATCH] [BZ #18433] Check file access/existence before forking.
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]