lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAG_fn=Xq_OaQdDSov8vAR-Lq8tDftGo=Pmp0p3q_LzLXDCFVvw@mail.gmail.com>
Date:	Tue, 15 Mar 2016 17:13:07 +0100
From:	Alexander Potapenko <glider@...gle.com>
To:	David Laight <David.Laight@...lab.com>
Cc:	"edumazet@...gle.com" <edumazet@...gle.com>,
	"rweikusat@...ileactivedefense.com" 
	<rweikusat@...ileactivedefense.com>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH] af_unix: closed SOCK_SEQPACKET socketpair must get SIGPIPE

On Tue, Mar 15, 2016 at 2:46 PM, David Laight <David.Laight@...lab.com> wrote:
> From: Alexander Potapenko
>> Sent: 15 March 2016 09:04
>> According to IEEE Std 1003.1, 2013, sending data to a SOCK_SEQPACKET
>> socketpair with MSG_NOSIGNAL flag set must result in a SIGPIPE if the
>> socket is no longer connected.
> ...
>> Without the below patch the behavior is as follows:
>>
>> $ ./sock seqpacket
>> sendmsg: Broken pipe
> ...
>> The behavior of the patched kernel complies with POSIX:
>>
>> $  ./sock seqpacket
>> Killed by SIGPIPE
> ...
>
> While POSIX might specify this behaviour, changing the behaviour
> could easily break applications.
> Basically this change (more or less) require every application that
> uses SOCK_SEQPACKED to be audited to ensure that MSG_NOSIGNAL is set
> on ever send/write to the socket.
This is true, but the drawback of maintaining a non-standard behavior
is that people can't write portable code.
I couldn't find the exact place where the bug has been introduced, but
according to http://lxr.free-electrons.com/ SOCK_SEQPACKET sockets did
not respect MSG_NOSIGNAL from the very beginning
(http://lxr.free-electrons.com/source/net/unix/af_unix.c?v=3.8#L1723,
there was no such thing as SOCK_SEQPACKET in AF_UNIX in 2.4.37)
Unfortunately I don't know how to estimate the number of existing
users depending on this oddity, as well as the number of people that
have to work around it, so leaving it up to maintainers to decide
whether the fix is needed.

> Personally I think the whole SIGPIPE on sockets should never have been
> allowed to get into the standard.
> I don't remember MSG_NOSIGNAL being present in SYSV.
I think it was not.

> The only time you want a write into a pipe to generate SIGPIPE is
> for pipes generates by the shell that feed stdout to stdin of the
> next process in the pipeline.
> If pipes are implemented as unix-domain socketpairs (no one does that
> any more) then it would require the SIGPIPE for write().
>
>         David
>
>



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ