View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001848 | 1003.1(2024)/Issue8 | System Interfaces | public | 2024-08-02 17:07 | 2024-08-08 15:37 |
Reporter | enh | Assigned To | |||
Priority | normal | Severity | Editorial | Type | Enhancement Request |
Status | Resolved | Resolution | Accepted As Marked | ||
Name | Elliott Hughes | ||||
Organization | |||||
User Reference | |||||
Section | kill() | ||||
Page Number | (page or range of pages) | ||||
Line Number | (Line or range of lines) | ||||
Interp Status | --- | ||||
Final Accepted Text | 0001848:0006858 | ||||
Summary | 0001848: remove TOCTOU pid checking suggestions | ||||
Description | various pages (such as https://pubs.opengroup.org/onlinepubs/9799919799/functions/kill.html) currently have text like "If sig is 0 (the null signal), error checking is performed but no signal is actually sent. The null signal can be used to check the validity of pid." the second sentence is bad advice, because the pid could become invalid before the function even returns, let alone in the window between the function returning and the caller then attempting to make use of that "knowledge". this encourages the introduction of TOCTOU bugs. | ||||
Desired Action | such text should be removed from every page on which it occurs (a quick web search turned up kill() and sigqueue()). | ||||
Tags | tc1-2024 |
|
There is one situation in which a TOCTOU does not occur: if the calling process is the parent of the process(es) specified by pid and has not yet waited for it/them. However, the standard requires that kill() always[*] succeeds in this case, so it still cannot be used to check the "validity" of pid (by which it really means the existence of one or more processes that match it and for which the calling process has permission to send it/them a signal). [*] with one exception: if user ID changes have been made in the child(ren) or parent such that neither the real nor effective user ID of the parent process matches the real or saved set-user-ID of any child matching pid, and the calling process is not privileged, then the call will fail with EPERM. It seems highly unlikely that a process would use kill() in some way to obtain information about such user ID relationships with its children. So I agree the text should be removed. |
|
On page 1312 line 44211 section kill(), and page 2067 line 67770 section sigqueue(), delete: The null signal can be used to check the validity of pid. |
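The parent/child case from the first note, as an added example that is not part of the issue or of the standard: a parent calls kill(pid, 0) on a child that has already exited but has not been waited for, and the call still succeeds, so the null signal reports nothing about the child's state, while waitpid() does. The struct and function names and the exit code 7 are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct probe {
    int null_signal_rc;   /* kill(pid, 0) on an exited, unreaped child */
    int exit_code;        /* exit status as reported by waitpid() */
};

/* Fork a child that exits at once, then compare what the null signal
 * reports with what waitpid() reports. Returns 0 on success, -1 on error. */
int probe_exited_child(struct probe *out)
{
    signal(SIGCHLD, SIG_DFL);           /* make sure exited children stay waitable */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(7);                       /* constructed exit code */

    /* Block until the child has terminated, but leave it unreaped
     * (WNOWAIT), so its pid still refers to our own child. */
    siginfo_t info;
    if (waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) != 0)
        return -1;

    /* The child is no longer running, yet the null signal succeeds. */
    out->null_signal_rc = kill(pid, 0);

    /* waitpid() is the authoritative answer. Once it returns, the pid can
     * be reused by an unrelated process and must not be signalled again. */
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    out->exit_code = WEXITSTATUS(status);
    return 0;
}

int main(void)
{
    struct probe p;
    if (probe_exited_child(&p) != 0)
        return 1;
    printf("kill(pid, 0): %d, waitpid exit code: %d\n", p.null_signal_rc, p.exit_code);
    return 0;
}
```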
Date Modified | Username | Field | Change |
---|---|---|---|
2024-08-02 17:07 | enh | New Issue | |
2024-08-02 17:07 | enh | Name | => Elliott Hughes |
2024-08-02 17:07 | enh | Organization | |
2024-08-02 17:07 | enh | Section | => kill() |
2024-08-02 17:07 | enh | Page Number | => (page or range of pages) |
2024-08-02 17:07 | enh | Line Number | => (Line or range of lines) |
2024-08-05 10:23 | geoffclare | Note Added: 0006855 | |
2024-08-08 15:36 | geoffclare | Note Added: 0006858 | |
2024-08-08 15:37 | geoffclare | Interp Status | => --- |
2024-08-08 15:37 | geoffclare | Final Accepted Text | => 0001848:0006858 |
2024-08-08 15:37 | geoffclare | Status | New => Resolved |
2024-08-08 15:37 | geoffclare | Resolution | Open => Accepted As Marked |
2024-08-08 15:38 | geoffclare | Tag Attached: tc1-2024 |