Message-ID: <20130203203637.GP6181@port70.net>
Date: Sun, 3 Feb 2013 21:36:37 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: vfork replacement proposal

* Rich Felker <dalias@...ifal.cx> [2013-02-03 13:49:23 -0500]:
> On Mon, Dec 31, 2012 at 03:34:17PM -0500, Rich Felker wrote:
> > 4. In the child, close the read end of the pipe and then shuffle file
> > descriptors as needed (for setting up stdin/out for popen, or file
> > actions for posix_spawn[p]), but with the added stipulations A-C:
> >
> > A. Before closing or dup2'ing onto a file descriptor in file actions,
> > check to see if it's occupied by the pipe fd, and if so, use fcntl
> > F_DUPFD_CLOEXEC to move it to a new number first.
> >
> > B. Before calling open in file actions, always use fcntl with
> > F_DUPFD_CLOEXEC and close the original pipe fd, to ensure that the
> > pipe is never occupying the otherwise-lowest-available fd number.
>
> I was wrong about (B); the "open" file action does not assign the
> lowest-available fd, but a caller-chosen fd. Thus, for our purposes,
> it's just like close or dup2, targeting a known fd number. This means
> the same logic can be used for all three operations, and it can be
> based on dup() rather than F_DUPFD_CLOEXEC. Note that F_DUPFD_CLOEXEC
> is actually not viable because it's missing on slightly-old kernels
> (up through mid 2.6 series), but we don't need atomicity anyway since
> this thread/process is fully under posix_spawn's control.
>
> Also, I think it would be possible to abandon the "shuffling" logic
> and compute in advance a safe fd number to put the pipe on.
>
> Finally, it seems posix_spawn will be sufficient as a backend for
> implementing popen, wordexp, and system, so I just put all the logic
> in posix_spawn itself rather than trying to design a more abstract API
> with callbacks for the specific caller case.
>

hm, is it possible to have a non-forking spawn that covers
all the fork+exec cases?
(things one might want to do before exec, eg by specifying extra
attributes..)

as far as i can see posix_spawn handles these:

	setenv
	fds (file_actions, O_CLOEXEC)
	setpgid (POSIX_SPAWN_SETPGROUP)
	drop euid, egid (POSIX_SPAWN_RESETIDS)
	sigmask, default sighandlers (POSIX_SPAWN_SETSIGMASK, POSIX_SPAWN_SETSIGDEF)
	sched param/policy (POSIX_SPAWN_SETSCHEDPARAM, POSIX_SPAWN_SETSCHEDULER)

but not these:

	setsid
	setuid, setgid, setgroups
	chdir
	chroot
	rlimits
	enable ptrace
	ioctl, setctty/noctty
	prctl, parent death signal
	(maybe others..)
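
The fd-collision rule from the quoted proposal (move the error pipe off any fd that a close, dup2 or open file action is about to target, using dup() rather than F_DUPFD_CLOEXEC), shown as an added C example. It is not part of this message and not musl's code; the names evade_target and demo_conflict are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical helper (name not from musl). Call in the child before a file
 * action closes, dup2()s onto, or opens at `target`. If the error pipe sits
 * on `target`, move it with dup() and return the new number; otherwise
 * return pipe_fd unchanged. Returns -1 with errno set on failure. */
static int evade_target(int pipe_fd, int target)
{
    if (pipe_fd != target)
        return pipe_fd;
    int moved = dup(pipe_fd);   /* target is still open, so moved != target */
    if (moved < 0)
        return -1;
    /* dup() drops FD_CLOEXEC. Set it again so a successful exec closes the
     * pipe and the new program never inherits it. The gap is harmless only
     * because nothing else runs in this child. */
    if (fcntl(moved, F_SETFD, FD_CLOEXEC) < 0) {
        int e = errno;
        close(moved);
        errno = e;
        return -1;
    }
    close(pipe_fd);             /* free `target` for the file action */
    return moved;
}

/* Constructed self-check: 0 if the pipe survives a dup2() onto its old fd. */
int demo_conflict(void)
{
    int p[2], fl;
    char c = 0;
    if (pipe(p) < 0) return -1;
    int target = p[1];          /* the file action names the pipe's own fd */
    int w = evade_target(p[1], target);
    if (w < 0 || w == target) return -2;
    fl = fcntl(w, F_GETFD);
    if (fl < 0 || !(fl & FD_CLOEXEC)) return -3;
    if (dup2(p[0], target) < 0) return -4;   /* stand-in for the file action */
    if (write(w, "x", 1) != 1 || read(p[0], &c, 1) != 1 || c != 'x') return -5;
    close(w); close(target); close(p[0]);
    return 0;
}

int main(void) { return demo_conflict() ? 1 : 0; }
```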