From owner-kaio@oss.sgi.com Mon Nov 1 09:38:38 1999
Date: Mon, 1 Nov 1999 09:42:22 -0800 (PST)
From: Trevor Hurst
To: Rajagopal Ananth
cc: kaio@oss.sgi.com
Subject: Re: test
In-Reply-To: <199910300051.RAA82001@madurai.engr.sgi.com>

Looks like your test worked.
-= Trev :o)

On Fri, 29 Oct 1999, Rajagopal Ananth wrote:

>
> testing kaio
>

From owner-kaio@oss.sgi.com Mon Nov 8 13:05:39 1999
Date: Mon, 8 Nov 1999 22:08:53 +0100 (CET)
From: Robert de Vries
To: kaio@oss.sgi.com
Subject: Signal delivery suggestion

The following piece of code contains a few omissions:

+ if (sigev->sigev_notify == SIGEV_SIGNAL) {
+ struct siginfo sinfo;
+
+ sinfo.si_signo = sigev->sigev_signo;
+ sinfo.si_errno = 0;
+ sinfo.si_code = SI_KERNEL;
+ sinfo.si_pid = 0;
+ sinfo.si_uid = 0;
+
+ send_sig_info(sigev->sigev_signo, &sinfo, task);
+ }

First of all the struct siginfo is not cleared
(e.g. with memset(&sinfo, 0, sizeof(sinfo)))
This would copy kernel data which was accidentally on the stack to the
user. Could be perceived as a security problem.

Secondly, according to my POSIX.4 book from O'Reilly the si_code should be
SI_ASYNCIO.

Thirdly, the sigev->sigev_value is not copied to sinfo.si_value.

Keep up the good work,
Robert

From owner-kaio@oss.sgi.com Tue Nov 9 14:17:50 1999
From: ananth@madurai.engr.sgi.com (Rajagopal Ananth)
Message-Id: <199911092220.OAA98271@madurai.engr.sgi.com>
Subject: Re: Signal delivery suggestion
To: kaio@oss.sgi.com
Date: Tue, 9 Nov 1999 14:20:57 -0800 (PST)

>
> The following piece of code contains a few omissions:
>
> + if (sigev->sigev_notify == SIGEV_SIGNAL) {
> + struct siginfo sinfo;
> +
> + sinfo.si_signo = sigev->sigev_signo;
> + sinfo.si_errno = 0;
> + sinfo.si_code = SI_KERNEL;
> + sinfo.si_pid = 0;
> + sinfo.si_uid = 0;
> +
> + send_sig_info(sigev->sigev_signo, &sinfo, task);
> + }
>
>
> First of all the struct siginfo is not cleared
> (e.g. with memset(&sinfo, 0, sizeof(sinfo)))
> This would copy kernel data which was accidentally on the stack to the
> user. Could be perceived as a security problem.
>
> Secondly, according to my POSIX.4 book from O'Reilly the si_code should be
> SI_ASYNCIO.
>
> Thirdly, the sigev->sigev_value is not copied to sinfo.si_value.
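
Review bot: sinfo is declared on the stack and only si_signo, si_errno, si_code, si_pid and si_uid are assigned before send_sig_info(sigev->sigev_signo, &sinfo, task) is called, so every other byte of the structure (padding and the remaining union members) still holds whatever was on the kernel stack when it is handed on for delivery. Clear it with memset(&sinfo, 0, sizeof(sinfo)) directly after the declaration, before the field assignments. Two smaller points in the same block: sinfo.si_value is never set from sigev->sigev_value, so the value registered with the notification never reaches the handler, and the return value of send_sig_info() is discarded, so a failed delivery goes unnoticed.
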
>

Thanks for catching the errors & the suggestion to use SI_ASYNCIO.
I'll correct the errors in the next revision of KAIO, and will
look into using SI_ASYNCIO.

> Keep up the good work,
>

Thanks for your interest!

ananth.

PS: currently I'm on sabbatical leave, so if you get a vacation message
from my private mail (ananth@sgi.com), please ignore it - I am still
reading more important mail.
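
An added illustration of the first point raised in this thread (not code from the KAIO patch or from any of the posters): it measures how many bytes of a signal-info structure keep their previous contents when only five fields are assigned, and how many remain after clearing it first. Assumptions: the userspace siginfo_t stands in for the kernel's struct siginfo, and the 0xAA fill is a constructed stand-in for leftover stack data.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover stack bytes */

/* Count the bytes of *si that still hold the stale marker. */
static size_t stale_bytes(const siginfo_t *si)
{
    const unsigned char *p = (const unsigned char *)si;
    size_t n = 0;

    for (size_t i = 0; i < sizeof(*si); i++)
        if (p[i] == STALE)
            n++;
    return n;
}

/* Assign the same five fields as the code under discussion, optionally
 * clearing the structure first, and report how many stale bytes survive. */
static size_t fill_siginfo(siginfo_t *si, int signo, int clear_first)
{
    memset(si, STALE, sizeof(*si));     /* simulate an uninitialised stack slot */
    if (clear_first)
        memset(si, 0, sizeof(*si));     /* the clearing step suggested in the thread */
    si->si_signo = signo;
    si->si_errno = 0;
    si->si_code  = SI_ASYNCIO;          /* si_code value suggested in the thread */
    si->si_pid   = 0;
    si->si_uid   = 0;
    return stale_bytes(si);
}

size_t leaked_without_clear(void) { siginfo_t si; return fill_siginfo(&si, SIGUSR1, 0); }
size_t leaked_with_clear(void)    { siginfo_t si; return fill_siginfo(&si, SIGUSR1, 1); }

int main(void)
{
    printf("sizeof(siginfo_t)         = %zu\n", sizeof(siginfo_t));
    printf("stale bytes, fields only  = %zu\n", leaked_without_clear());
    printf("stale bytes, memset first = %zu\n", leaked_with_clear());
    return 0;
}
```

The exact count for the fields-only case depends on the platform's siginfo_t layout; the cleared case is always zero.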