[pgpool-hackers: 51] Re: [pgpool-II 0000009]: dont call syslog(3) family in signal handler.

Tatsuo Ishii ishii at postgresql.org
Fri Mar 30 19:18:51 JST 2012


> The problem doesn't really come from the syslog patch but from the
> syslog call inside signal handlers, as it raise signals too. This is a
> well now coding security problem that allow local users to cause at
> least a denial of service.
> 
> The main solution is to ensure that non-reentrant functions are not used
> in signal handlers, here this is not the case as vsyslog() is not
> asynchronous safe :
> 
> child.c
> 
> /* signal handler for SIGALRM */
> static RETSIGTYPE authentication_timeout(int sig)
> {
>     pool_log("authentication is timeout");
>     child_exit(1);
> }
> 
> 
> The easiest solution is to remove the call to pool_log() within the code
> above and log the message from the parent process certainly not removing
> syslog support. Maybe the use of pool_send_frontend_exits() in
> child_exit() could help. What do you think ?

I don't see why calling pool_send_frontend_exits() in child_exit()
helps that. Can you elaborate?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp


More information about the pgpool-hackers mailing list