From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 6A04D3858406; Mon,  2 May 2022 20:38:05 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6A04D3858406
From: "carlos at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/29115] vfork()-based posix_spawn() has more failure modes
 than fork()-based one
Date: Mon, 02 May 2022 20:38:04 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.35
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: carlos at redhat dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: adhemerval.zanella at linaro dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-29115-131-feEfcWbbx3@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-29115-131@http.sourceware.org/bugzilla/>
References: <bug-29115-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: glibc-bugs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-bugs mailing list <glibc-bugs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/glibc-bugs>,
 <mailto:glibc-bugs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-bugs/>
List-Help: <mailto:glibc-bugs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/glibc-bugs>,
 <mailto:glibc-bugs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2022 20:38:05 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D29115

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com

--- Comment #5 from Carlos O'Donell <carlos at redhat dot com> ---
Either the kernel supports vfork or it doesn't.

A time namespace, or a seccomp filter are all the same problems, and we sho=
uld
return the error the userspace.

Adding code which will only be exercised in the event that a time namespace=
 is
in use is going to result in increased long-term maintenance costs.

It also results in unexpected surprise behaviour when the developer runs un=
der
a time namespace e.g. more memory usage, different code paths taken etc.

Rather than add long-term maintenance and surprise developers my suggestion=
 is
to fail the posix_spawn.

Users can take this up with the kernel to add support for vfork in time
namespaces, or with their sandboxing technology provider.

There might be exceptional cases where we need to add fallbacks, but I can't
see that this is one of those cases. For example clone3 to clone2 fallback =
is
sensible.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=