vfork can cause memory corruption due to the lack of #[ffi_returns_twice] #1596
Labels
C-bug
Category: bug
I-unsound 💥
A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness
O-linux
Comments
Merged
JohnTitor
added
C-bug
sporksmith
added a commit
to sporksmith/shadow
that referenced
this issue
Mar 22, 2023
Bare vfork + exec are tricky to use, since it's easy to accidentally corrupt the parent process's state from the child process. It's also unsupported in Rust (rust-lang/libc#1596). I think we could work around this in Rust by using inline assembly or a C helper function to wrap the fork and exec, but `posix_spawn` basically does that for us already.
sporksmith
added a commit
to sporksmith/shadow
that referenced
this issue
Mar 23, 2023
Bare vfork + exec are tricky to use, since it's easy to accidentally corrupt the parent process's state from the child process. It's also unsupported in Rust (rust-lang/libc#1596). I think we could work around this in Rust by using inline assembly or a C helper function to wrap the fork and exec, but `posix_spawn` basically does that for us already.
sporksmith
added a commit
to sporksmith/shadow
that referenced
this issue
Mar 24, 2023
Bare vfork + exec are tricky to use, since it's easy to accidentally corrupt the parent process's state from the child process. It's also unsupported in Rust (rust-lang/libc#1596). I think we could work around this in Rust by using inline assembly or a C helper function to wrap the fork and exec, but `posix_spawn` basically does that for us already.
sporksmith
added a commit
to shadow/shadow
that referenced
this issue
Mar 24, 2023
Bare vfork + exec are tricky to use, since it's easy to accidentally corrupt the parent process's state from the child process. It's also unsupported in Rust (rust-lang/libc#1574, rust-lang/libc#1596). I think we could work around this in Rust by using inline assembly or a C helper function to wrap the fork and exec, but `posix_spawn` basically does that for us already.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Due to the lack of a stable
#[ffi_returns_twice]attribute,vforkcannot be safely used since it can cause memory corruption of unrelated local variables in the parent process.Miscompilation example: https://play.rust-lang.org/?version=nightly&mode=release&edition=2018&gist=e192ab81e8d408fa9984f766e2356697
Fixed (but nightly-only) version with
#[ffi_returns_twice]: https://play.rust-lang.org/?version=nightly&mode=release&edition=2018&gist=0de019e56b69aa048f3e0f5319cc187eThe text was updated successfully, but these errors were encountered: