Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 14 Sep 2012 13:45:49 +0200
From:      Erik Cederstrand <erik@cederstrand.dk>
To:        Ivan Voras <ivoras@FreeBSD.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Change vfork() to posix_spawn()?
Message-ID:  <52517366-C10B-4CAA-BDDF-31E2098CBDA3@cederstrand.dk>
In-Reply-To: <k2v2te$ok1$1@ger.gmane.org>
References:  <035514CA-81D6-407F-A2C1-51A9FB0E3A74@cederstrand.dk> <k2v2te$ok1$1@ger.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Den 14/09/2012 kl. 13.03 skrev Ivan Voras <ivoras@FreeBSD.org>:

> On 14/09/2012 09:49, Erik Cederstrand wrote:
>> Hello hackers,
>>=20
>> I'm looking through the Clang Analyzer scans on =
http://scan.freebsd.your.org/freebsd-head looking for false positives to =
report back to LLVM. There are quite a list of reports suggesting to =
change vfork() calls to posix_spawn(). Example from /bin/rpc: =
http://scan.freebsd.your.org/freebsd-head/bin.rcp/2012-09-12-amd64/report-=
nsOV80.html#EndPath
>>=20
>> I know nothing about this but I can see fork and posix_spawn have =
been discussed on this list previously. Is this a legitimate warning (in =
this case and in general in FreeBSD base)?
>=20
> Currently (on 9-stable at least), posix_spawn() is implemented as a
> wrapper around vfork(), so I doubt replacing one with the other would =
do
> much.

The analyzer added this warning in January. The release notes link to =
this explanation: =
https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+n=
ot+use+vfork()

I guess this is the important part:

"Because of the implementation of the vfork() function, the parent =
process is suspended while the child process executes. If a user sends a =
signal to the child process, delaying its execution, the parent process =
(which is privileged) is also blocked. This means that an unprivileged =
process can cause a privileged process to halt, which is a privilege =
inversion resulting in a denial of service."

Erik=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52517366-C10B-4CAA-BDDF-31E2098CBDA3>