author | Rich Felker <dalias@aerifal.cx> | 2013-04-26 15:09:49 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2013-04-26 15:09:49 -0400 |
commit | a0473a0c826016aec1181819fcd4fff5c074f042 (patch) | |
tree | 141eb6c44848881263145754b2d323c98739fa05 /src/process/posix_spawn.c | |
parent | 43653c1250ad5eb5385d7e08292ad047420f8d25 (diff) | |
remove explicit locking to prevent __synccall setuid during posix_spawn
for the duration of the vm-sharing clone used by posix_spawn, all
signals are blocked in the parent process, including
implementation-internal signals. since __synccall cannot do anything
until successfully signaling all threads, the fact that signals are
blocked automatically yields the necessary safety.
aside from debloating and general simplification, part of the
motivation for removing the explicit lock is to simplify the
synchronization logic of __synccall in hopes that it can be made
async-signal-safe, which is needed to make setuid and setgid, which
depend on __synccall, conform to the standard. whether this will be
possible remains to be seen.
Diffstat (limited to 'src/process/posix_spawn.c')
-rw-r--r-- | src/process/posix_spawn.c | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/src/process/posix_spawn.c b/src/process/posix_spawn.c index dd450129..e6a031cc 100644 --- a/src/process/posix_spawn.c +++ b/src/process/posix_spawn.c @@ -10,12 +10,6 @@ #include "fdop.h" #include "libc.h" -static void dummy_0() -{ -} -weak_alias(dummy_0, __acquire_ptc); -weak_alias(dummy_0, __release_ptc); - struct args { int p[2]; sigset_t oldmask; @@ -144,10 +138,6 @@ int __posix_spawnx(pid_t *restrict res, const char *restrict path, args.envp = envp; pthread_sigmask(SIG_BLOCK, SIGALL_SET, &args.oldmask); - /* This lock prevents setuid/setgid operations while the parent - * is sharing memory with the child. Situations where processes - * with different permissions share VM are fundamentally unsafe. */ - __acquire_ptc(); pid = __clone(child, stack+sizeof stack, CLONE_VM|SIGCHLD, &args); close(args.p[1]); @@ -158,9 +148,6 @@ int __posix_spawnx(pid_t *restrict res, const char *restrict path, ec = -pid; } - /* At this point, the child has either exited or successfully - * performed exec, so the lock may be released. */ - __release_ptc(); close(args.p[0]); if (!ec) *res = pid; |
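Review bot: in the second hunk (around `pthread_sigmask(SIG_BLOCK, SIGALL_SET, &args.oldmask);` and the `__clone` call), the removed comment was the only in-code statement of why setuid/setgid must not run while the parent shares VM with the child, and the replacement invariant described in the commit message (blocking every signal, including implementation-internal ones, is what stops `__synccall` from making progress) is now documented nowhere in the source. Suggest keeping a short comment at the `pthread_sigmask` call, e.g. `/* All signals, including internal ones, stay blocked until the child exits or execs; this is what prevents __synccall (setuid/setgid) from proceeding while VM is shared. */`, so a later change to the mask or to `__synccall`'s signaling does not silently break the guarantee.

Review bot: in the third hunk (the block ending at `if (!ec) *res = pid;`), removing `__release_ptc()` also removes the explicit marker for the end of the VM-sharing window, so it is no longer obvious from this code that safety now depends on the parent's mask staying at `SIGALL_SET` until the child has exited or exec'd. Suggest a one-line comment here noting that the mask saved in `args.oldmask` must not be restored before this point, since the restore (not shown in the hunk) is now the operation that ends the window.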