lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <51D52134.8080601@redhat.com>
Date:	Thu, 04 Jul 2013 09:16:04 +0200
From:	Denys Vlasenko <dvlasenk@...hat.com>
To:	Oleg Nesterov <oleg@...hat.com>
CC:	Al Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Change SIGPIPE's siginfo.si_code from SI_USER to SI_KERNEL.

On 07/03/2013 09:54 PM, Oleg Nesterov wrote:
> On 07/03, Denys Vlasenko wrote:
>>
>> @@ -514,7 +514,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
>>  	__pipe_lock(pipe);
>>
>>  	if (!pipe->readers) {
>> -		send_sig(SIGPIPE, current, 0);
>> +		send_sig(SIGPIPE, current, 1);
> 
> Honestly, I simply have no idea what makes more sense in this case...

I guess I should have explained what prompted me to send this patch.

I am coding up a gdb extension which looks at a process which received
a signal and tries some heuristics on it which sya whether the observed
signal is a crash, and if it is, how likely it to be exploitable.
For example, a SIGSEGV due to smashed stack is more likely to be
a result of exploitable bug than a division by zero.

I want to quickly filter out cases where signal is clearly not a result
of program bug. Say, if program dies from SIGSEGV (or SIGBUS,
or SIGSYS...) which was *sent by the user via kill(2)*,
then it is not a bug in the program.

Naively, it looks like "if (siginfo.si_code <= 0) not_a_bug()"
is what would do that. In particular, si_code == 0 (SI_USER)
is set by kill(2).

But then I discovered that SI_USER is also set by signals
from other sources. SIGPIPE from write(2) is one of them.

This basically makes "si_code == SI_USER" condition non-informative:
userspace can't really draw any useful conclusion from seeing that.
"Maybe it was a kill(2), maybe it was from kernel". Not good.

Note that other similar signals, say, a SIGTTIN received
when backgrounded read(2) attempts to read from a tty,
use SI_KERNEL code. There is no consistency already.

-- 
vda



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ