Austin Group Defect Tracker

Aardvark Mark IV


Viewing Issue Simple Details
ID: 0001848
Category: [1003.1(2024)/Issue8] System Interfaces
Severity: Editorial
Type: Enhancement Request
Date Submitted: 2024-08-02 17:07
Last Update: 2024-08-08 15:37
Reporter: enh
View Status: public
Assigned To:
Priority: normal
Resolution: Accepted As Marked
Status: Resolved
Name: Elliott Hughes
Organization: Google
User Reference:
Section: kill()
Page Number: (page or range of pages)
Line Number: (Line or range of lines)
Interp Status: ---
Final Accepted Text: Note: 0006858
Summary: 0001848: remove TOCTOU pid checking suggestions
Description: various pages (such as https://pubs.opengroup.org/onlinepubs/9799919799/functions/kill.html) currently have text like

> If sig is 0 (the null signal), error checking is performed but no signal is actually sent. The null signal can be used to check the validity of pid.

the second sentence is bad advice, because the pid could become invalid before the function even returns, let alone in the window between the function returning and the caller then attempting to make use of that "knowledge". this encourages the introduction of TOCTOU bugs.
Desired Action: such text should be removed from every page on which it occurs (a quick web search turned up kill() and sigqueue()).
Tags: tc1-2024

-  Notes
(0006855)
geoffclare (manager)
2024-08-05 10:23

There is one situation in which a TOCTOU does not occur: if the calling process is the parent of the process(es) specified by pid and has not yet waited for it/them. However, the standard requires that kill() always[*] succeeds in this case, so it still cannot be used to check the "validity" of pid (by which it really means the existence of one or more processes that match it and for which the calling process has permission to send it/them a signal).

[*] with one exception: if user ID changes have been made in the child(ren) or parent such that neither the real nor effective user ID of the parent process matches the real or saved set-user-ID of any child matching pid, and the calling process is not privileged, then the call will fail with EPERM. It seems highly unlikely that a process would use kill() in some way to obtain information about such user ID relationships with its children.

So I agree the text should be removed.
(0006858)
geoffclare (manager)
2024-08-08 15:36

On page 1312 line 44211 section kill(), and
page 2067 line 67770 section sigqueue(), delete:
The null signal can be used to check the validity of pid.
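
The parent/child case from note 0006855, as an added example (not code from the tracker or the standard): a parent probes its own child with the null signal while the child is running and again after it has exited but before it is reaped, then collects the real state with waitpid(). The struct, function name and exit code 7 are this example's own choices.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

struct probe {        /* one child's observations (names are this example's) */
    int kill_running; /* kill(pid, 0) while the child is running */
    int wait_running; /* waitpid(WNOHANG) while running: 0 = not exited */
    int kill_zombie;  /* kill(pid, 0) after exit, before the child is reaped */
    int exit_code;    /* exit status collected by the reaping waitpid() */
};

/* Fork a child and probe it before and after it exits; 0 on success. */
int probe_child(struct probe *out)
{
    int fds[2], status;
    siginfo_t info;
    pid_t pid;
    char c;
    signal(SIGCHLD, SIG_DFL);    /* an inherited SIG_IGN would auto-reap */
    if (pipe(fds) == -1 || (pid = fork()) == -1)
        return -1;
    if (pid == 0) {              /* child: block until the pipe hits EOF */
        close(fds[1]);
        _exit(read(fds[0], &c, 1) == 0 ? 7 : 1);
    }
    close(fds[0]);
    out->kill_running = kill(pid, 0);
    out->wait_running = (int)waitpid(pid, &status, WNOHANG);
    close(fds[1]);               /* EOF lets the child exit with code 7 */
    /* Block until the child has exited, but leave it unreaped (WNOWAIT). */
    if (waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) == -1)
        return -1;
    out->kill_zombie = kill(pid, 0);  /* same answer as while it was running */
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    out->exit_code = WEXITSTATUS(status);
    return 0;
}

int main(void)
{
    struct probe p;
    if (probe_child(&p) != 0)
        return 1;
    printf("kill: %d, %d; waitpid: %d, exit %d\n",
           p.kill_running, p.kill_zombie, p.wait_running, p.exit_code);
    return 0;
}
```

Both kill() calls return the same value, so only the waitpid() results distinguish the running child from the exited one.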

- Issue History
Date Modified Username Field Change
2024-08-02 17:07 enh New Issue
2024-08-02 17:07 enh Name => Elliott Hughes
2024-08-02 17:07 enh Organization => Google
2024-08-02 17:07 enh Section => kill()
2024-08-02 17:07 enh Page Number => (page or range of pages)
2024-08-02 17:07 enh Line Number => (Line or range of lines)
2024-08-05 10:23 geoffclare Note Added: 0006855
2024-08-08 15:36 geoffclare Note Added: 0006858
2024-08-08 15:37 geoffclare Interp Status => ---
2024-08-08 15:37 geoffclare Final Accepted Text => Note: 0006858
2024-08-08 15:37 geoffclare Status New => Resolved
2024-08-08 15:37 geoffclare Resolution Open => Accepted As Marked
2024-08-08 15:38 geoffclare Tag Attached: tc1-2024

