[Pkg-utopia-maintainers] Bug#823754: dbus execs nonconsenting programs with SIGPIPE ignored
Simon McVittie
smcv at debian.org
Sun May 8 16:41:23 UTC 2016
On Sun, 08 May 2016 at 15:44:17 +0100, Ian Jackson wrote:
> It is a bug to execute a program with SIGPIPE ignored without its
> consent. (Or to put it another way, it is not part of the
> specification of programs in general, on a unix system, that they will
> function correctly if run with anomalous signal configuration.)
The anecdotal evidence is that programs in general do not necessarily
function correctly if SIGPIPE is *not* ignored, either; one major problem
with SIGPIPE is that it is also sent when disconnected from a TCP or
AF_UNIX socket (unless the relatively recent MSG_NOSIGNAL flag is used on
every read and every write), and that's hardly ever what the author of the
networking code expected or intended. dbus-daemon did start activatable
services with SIGPIPE unignored at one point, and it broke services
in practice: see <https://bugs.freedesktop.org/show_bug.cgi?id=56043>.
(You'll notice that I used basically the same arguments there that you
are using here, and was overruled.)
systemd also starts services with SIGPIPE ignored by default (there is
an IgnoreSIGPIPE=false option which unit files can use if desired, see
systemd.exec(5)).
libdbus also used to ignore SIGPIPE unconditionally when used. This one
was clearly a bug, because libraries shouldn't alter global state, but
immediately exiting from the default SIGPIPE handler when disconnected
from the bus (with no opportunity for cleanup) was considered to be a
worse bug. We now use MSG_NOSIGNAL if supported, and only ignore SIGPIPE
globally if there is no MSG_NOSIGNAL.
I'm not sure whether this is wontfix or "not a bug", but either way
it's unlikely to change. Would you feel better about it if the D-Bus
Specification specifically said that activatable services on Unix
are started with SIGPIPE ignored?
S
More information about the Pkg-utopia-maintainers
mailing list