[pgpool-hackers: 50] Re: [pgpool-II 0000009]: dont call syslog(3) family in signal handler.
Gilles Darold
gilles.darold at dalibo.com
Fri Mar 30 18:54:14 JST 2012
Hi,
The problem doesn't really come from the syslog patch but from the
syslog call inside signal handlers, as it raise signals too. This is a
well now coding security problem that allow local users to cause at
least a denial of service.
The main solution is to ensure that non-reentrant functions are not used
in signal handlers, here this is not the case as vsyslog() is not
asynchronous safe :
child.c
/* signal handler for SIGALRM */
static RETSIGTYPE authentication_timeout(int sig)
{
pool_log("authentication is timeout");
child_exit(1);
}
The easiest solution is to remove the call to pool_log() within the code
above and log the message from the parent process certainly not removing
syslog support. Maybe the use of pool_send_frontend_exits() in
child_exit() could help. What do you think ?
Best regards,
--
Gilles Darold
http://dalibo.com - http://dalibo.org
More information about the pgpool-hackers
mailing list