Message-ID: <20200403162958.GC11469@brightrain.aerifal.cx>
Date: Fri, 3 Apr 2020 12:29:58 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: doubt about fork

On Fri, Apr 03, 2020 at 11:28:54AM +0200, Szabolcs Nagy wrote:
> * guolongqiang <guolongqiang@...wei.com> [2020-04-03 06:37:44 +0000]:
> > Hello,
> > I have a problem with multi-threaded fork. The implementation of fork does not lock things such as
> > stdio files, __thread_list_lock, or other global mutexes in musl libc before the SYS_clone syscall;
> > this will cause deadlock in the child. Is this a bug?
> 
> the standard is pretty clear that the child after fork
> in a multi-threaded process can only do async-signal-safe
> operations, anything that may lock is not as-safe.
> 
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/fork.html

Note that future editions of POSIX might change this by removing the
requirement that fork be AS-safe and adding _fork (I may be
misremembering the name but it's something like that) to be AS-safe.
So it's possible this could change in the future. But for now, indeed,
what you can do in the child if a multithreaded process forks is
extremely limited.

As an aside, musl will continue to track the standards, but personally
I'm against any such "improvements" to fork because I'm against fork
itself. Use of fork without immediate exec (that could be replaced by
posix_spawn or vfork) makes software incompatible with an MMU-less
environment and significantly harms security/hardening properties --
all potentially secret data from the parent that hasn't been scrubbed
leaks into the child where it might be disclosed later, and the child
lacks independent ASLR from the parent (see the classic Android Zygote
issue that completely undermined ASLR). It also significantly harms
memory usage accounting and performance by requiring that all of the
parent's memory usage continue to be charged against the child too
even if the child will not use most of it, and by converting all
writable pages in both the parent and child to copy-on-write (making
next access fault). Modern designs should serialize whatever data the
child is actually intending to use and spawn/exec a child that
deserializes it.

Rich
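
The serialize-and-spawn pattern recommended in the message above, as an added example (not code from the original message or from musl). The worker command, the one-line "a b" text format and the name spawn_sum are assumptions made for illustration.

```c
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example with constructed input: hand two integers to a freshly
 * exec'd worker and read back their sum. The worker (/bin/sh, assumed
 * present) gets a new address space and sees only the serialized line on
 * stdin plus the minimal environment below. Assumes fds 0-2 are open. */
int spawn_sum(int a, int b, long *result)
{
    int in[2], out[2], status;          /* in: parent->child, out: child->parent */
    char msg[64], reply[64] = {0};
    char *argv[] = {"sh", "-c", "read a b; echo $(($a + $b))", NULL};
    char *envp[] = {"PATH=/usr/bin:/bin", NULL};   /* no inherited environment */
    posix_spawn_file_actions_t fa;
    pid_t pid;

    if (pipe(in)) return -1;
    if (pipe(out)) { close(in[0]); close(in[1]); return -1; }

    /* Child side: the pipes become stdin/stdout, raw pipe ends are closed. */
    posix_spawn_file_actions_init(&fa);
    posix_spawn_file_actions_adddup2(&fa, in[0], 0);
    posix_spawn_file_actions_adddup2(&fa, out[1], 1);
    posix_spawn_file_actions_addclose(&fa, in[0]);
    posix_spawn_file_actions_addclose(&fa, in[1]);
    posix_spawn_file_actions_addclose(&fa, out[0]);
    posix_spawn_file_actions_addclose(&fa, out[1]);
    int err = posix_spawn(&pid, "/bin/sh", &fa, NULL, argv, envp);
    posix_spawn_file_actions_destroy(&fa);
    close(in[0]);
    close(out[1]);
    if (err) { close(in[1]); close(out[0]); return -1; }

    /* Serialize only what the worker needs, then signal EOF. */
    int n = snprintf(msg, sizeof msg, "%d %d\n", a, b);
    ssize_t w = write(in[1], msg, (size_t)n);
    close(in[1]);
    ssize_t r = read(out[0], reply, sizeof reply - 1);
    close(out[0]);

    if (waitpid(pid, &status, 0) < 0 || w != n || r <= 0) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    *result = strtol(reply, NULL, 10);
    return 0;
}

int main(void) { long s; return spawn_sum(2, 40, &s) || printf("%ld\n", s) < 0; }
```

Other descriptors the parent holds open are still inherited unless they were opened with close-on-exec, so a real caller should set that flag on everything it does not mean to share.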
