[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Race condition in handling SIGHUP

From: Siteshwar Vashisht
Subject: Race condition in handling SIGHUP
Date: Wed, 27 Apr 2016 06:04:46 -0400 (EDT)


Recently we came across a bug in bash which was introduced by below patch :


In bash 4.2 this could lead to a race condition. 'yy_readline_get ()' function sets 'terminate_immediately' to 1 before calling readline() at [1].

If shell receives SIGHUP and executes 'termsig_handler ()' before setting 'terminate_immediately' back to 0 [2], we will end up at [3] (considering 'RL_ISSTATE (RL_STATE_READCMD)' evaluates to 0 when readline is not waiting to read command from user), and ~/.bash_history will not be updated.

We started seeing this bug after above mentioned patch was backported to RHEL 6. Sometimes ~/.bash_history is not updated when user executes 'reboot' command in a ssh session. This is caused by race condition in handling SIGHUP.

While this issue was fixed by backporting somes changes (See attached patch) from [4]  to bash-4.2 or older versions, there is still a corner case which may cause race condition in handling SIGHUP in current upstream.

'bash_tilde_expand ()' function sets 'terminate_immediately' to 1 at [5]

If SIGHUP is received and termsig_handler () gets executed before reaching [6], ~/.bash_history will not be updated. This can happen in a scenario where user is running ssh session and requests for expansion for '~', if an admin issues 'reboot' command at the same time then ~/.bash_history may not be updated.

I have 2 questions about how current upstream handles this condition :

1. Why 'terminate_immediately' is set to 1 at [7]?

2. Why 'RL_ISSTATE (RL_STATE_READCMD)' is being checked at [8]? This will evaluate to 0 if readline is not waiting to read a command from user. I believe this check can be removed.

[1] http://git.savannah.gnu.org/cgit/bash.git/tree/parse.y?id=bash-4.2#n1441
[2] http://git.savannah.gnu.org/cgit/bash.git/tree/parse.y?id=bash-4.2#n1446
[3] http://git.savannah.gnu.org/cgit/bash.git/tree/sig.c?id=d5d0096115d0d484fd669ad170498962ea45e841#n513
[4] http://git.savannah.gnu.org/cgit/bash.git/commit/?id=ac50fbac377e32b98d2de396f016ea81e8ee9961
[5] http://git.savannah.gnu.org/cgit/bash.git/tree/general.c#n994
[6] http://git.savannah.gnu.org/cgit/bash.git/tree/general.c#n1004
[7] http://git.savannah.gnu.org/cgit/bash.git/tree/general.c#n994
[8] http://git.savannah.gnu.org/cgit/bash.git/tree/sig.c#n524



Attachment: bash-4.3-fix-terminate_immediately.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]