Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241205022810.GM10433@brightrain.aerifal.cx>
Date: Wed, 4 Dec 2024 21:28:11 -0500
From: Rich Felker <dalias@...c.org>
To: JinCheng Li <naiveli233@...look.com>
Cc: "musl@...ts.openwall.com" <musl@...ts.openwall.com>,
	Markus Wichmann <nullplan@....net>
Subject: Re: Do we need to enhance robustness in the signal mask?

On Wed, Dec 04, 2024 at 07:00:02AM +0000, JinCheng Li wrote:
> Hi
> 
> 
> > Can you clarify what situation you're concerned about?
> 
> The specified scenario is as Markus said, I can just use
> pthread_sigmask(SIG_SETMASK, 0, &ss) to unblock all signals in the
> timer notification function. And due to the SIG_DFL handler of the
> SIGTIMER signal, the next timer expiration will then kill the
> process. I provided a demo in the email.

OK, indeed this is a problem. But the Android approach to protecting
from it doesn't fully solve the problem, because there's a hidden
setprocmask in every sigreturn that we can't easily (not without
wrapping signal handling) intercept and modify the mask for.

There are solutions I think that involve always masking SIGTIMER in
sigsets the way the other internal signals are always unmasked, but
this incurs special logic for SIG_UNBLOCK.

Just getting rid of SIGTIMER would be ideal. Let me review how
difficult this would be.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.