| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Mar 2016 17:13:07 +0100 From: Alexander Potapenko <glider@...gle.com> To: David Laight <David.Laight@...lab.com> Cc: "edumazet@...gle.com" <edumazet@...gle.com>, "rweikusat@...ileactivedefense.com" <rweikusat@...ileactivedefense.com>, "davem@...emloft.net" <davem@...emloft.net>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: [PATCH] af_unix: closed SOCK_SEQPACKET socketpair must get SIGPIPE On Tue, Mar 15, 2016 at 2:46 PM, David Laight <David.Laight@...lab.com> wrote: > From: Alexander Potapenko >> Sent: 15 March 2016 09:04 >> According to IEEE Std 1003.1, 2013, sending data to a SOCK_SEQPACKET >> socketpair with MSG_NOSIGNAL flag set must result in a SIGPIPE if the >> socket is no longer connected. > ... >> Without the below patch the behavior is as follows: >> >> $ ./sock seqpacket >> sendmsg: Broken pipe > ... >> The behavior of the patched kernel complies with POSIX: >> >> $ ./sock seqpacket >> Killed by SIGPIPE > ... > > While POSIX might specify this behaviour, changing the behaviour > could easily break applications. > Basically this change (more or less) require every application that > uses SOCK_SEQPACKED to be audited to ensure that MSG_NOSIGNAL is set > on ever send/write to the socket. This is true, but the drawback of maintaining a non-standard behavior is that people can't write portable code. I couldn't find the exact place where the bug has been introduced, but according to http://lxr.free-electrons.com/ SOCK_SEQPACKET sockets did not respect MSG_NOSIGNAL from the very beginning (http://lxr.free-electrons.com/source/net/unix/af_unix.c?v=3.8#L1723, there was no such thing as SOCK_SEQPACKET in AF_UNIX in 2.4.37) Unfortunately I don't know how to estimate the number of existing users depending on this oddity, as well as the number of people that have to work around it, so leaving it up to maintainers to decide whether the fix is needed. > Personally I think the whole SIGPIPE on sockets should never have been > allowed to get into the standard. > I don't remember MSG_NOSIGNAL being present in SYSV. I think it was not. > The only time you want a write into a pipe to generate SIGPIPE is > for pipes generates by the shell that feed stdout to stdin of the > next process in the pipeline. > If pipes are implemented as unix-domain socketpairs (no one does that > any more) then it would require the SIGPIPE for write(). > > David > > -- Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Straße, 33 80636 München Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg
Powered by blists - more mailing lists