From: Erik Cederstrand
To: Ivan Voras
Cc: freebsd-hackers@freebsd.org
Date: Fri, 14 Sep 2012 13:45:49 +0200
Subject: Re: Change vfork() to posix_spawn()?
Message-Id: <52517366-C10B-4CAA-BDDF-31E2098CBDA3@cederstrand.dk>
References: <035514CA-81D6-407F-A2C1-51A9FB0E3A74@cederstrand.dk>

On 14/09/2012 at 13.03, Ivan Voras wrote:

> On 14/09/2012 09:49, Erik Cederstrand wrote:
>> Hello hackers,
>>
>> I'm looking through the Clang Analyzer scans on http://scan.freebsd.your.org/freebsd-head looking for false positives to report back to LLVM. There are quite a list of reports suggesting to change vfork() calls to posix_spawn(). Example from /bin/rcp: http://scan.freebsd.your.org/freebsd-head/bin.rcp/2012-09-12-amd64/report-nsOV80.html#EndPath
>>
>> I know nothing about this but I can see fork and posix_spawn have been discussed on this list previously. Is this a legitimate warning (in this case and in general in FreeBSD base)?
>
> Currently (on 9-stable at least), posix_spawn() is implemented as a
> wrapper around vfork(), so I doubt replacing one with the other would do
> much.

The analyzer added this warning in January. The release notes link to this explanation: https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork()

I guess this is the important part:

"Because of the implementation of the vfork() function, the parent process is suspended while the child process executes. If a user sends a signal to the child process, delaying its execution, the parent process (which is privileged) is also blocked. This means that an unprivileged process can cause a privileged process to halt, which is a privilege inversion resulting in a denial of service."

Erik
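As an added illustration (not code from this thread or from FreeBSD), the C program below measures the suspension the quoted CERT text describes: the child deliberately stalls before calling _exit(), and the parent records how long the fork() or vfork() call kept it waiting, so the vfork() case shows the whole child delay landing on the parent. It assumes a Linux or FreeBSD system; CHILD_DELAY_MS is a constructed value.

```c
/* Measures how long fork()/vfork() keeps the parent suspended while the
 * child deliberately delays before exiting. With vfork() the parent only
 * resumes once the child calls _exit() or exec(), so any delay in the child
 * (here a sleep; in the CERT scenario a signal that stops the child) is paid
 * by the parent. Added illustration, not code from the mailing-list thread. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define CHILD_DELAY_MS 200   /* constructed value: how long the child stalls */

static double now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000.0 + ts.tv_nsec / 1e6;
}

/* Returns the milliseconds that elapsed in the parent across the
 * fork()/vfork() call, or -1 if the call failed. */
double spawn_delay_ms(int use_vfork)
{
    struct timespec delay = { 0, CHILD_DELAY_MS * 1000000L };
    double start = now_ms();
    pid_t pid = use_vfork ? vfork() : fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: stall, then leave via _exit() only. After vfork() the
         * child runs on the parent's stack, so it must never return. */
        nanosleep(&delay, NULL);
        _exit(0);
    }
    double elapsed = now_ms() - start;   /* parent resumes here */
    waitpid(pid, NULL, 0);               /* reap the child */
    return elapsed;
}

int main(void)
{
    printf("fork():  parent resumed after %.1f ms\n", spawn_delay_ms(0));
    printf("vfork(): parent resumed after %.1f ms\n", spawn_delay_ms(1));
    return 0;
}
```

With fork() the parent resumes within a fraction of a millisecond; with vfork() it resumes only after the child's full delay, which is exactly the window a stopped child turns into a stalled parent.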