Re: Thread safety of coroutine-sigaltstack

[Laszlo Ersek]

On 01/21/21 16:42, Max Reitz wrote:

> Perhaps we have the policy of “If another process can send signals, then
> we consider it to have full control over qemu, like a debugger.”

That's what I had more or less in mind, yes; see e.g.

https://man7.org/linux/man-pages/man2/ptrace.2.html

       EPERM  The specified process cannot be traced.  This could be
              because the tracer has insufficient privileges (the
              required capability is CAP_SYS_PTRACE); unprivileged
              processes cannot trace processes that they cannot send
              signals to or those running set-user-ID/set-group-ID
              programs, for obvious reasons.  Alternatively, the process
              may already be being traced, or (on kernels before 2.6.26)
              be init(1) (PID 1).

Which seems to imply that, if you can send a signal, you can ptrace()
the signalee as well.

(I realize that what I'm saying does not follow from *pure logic*, as
the manual is stating !sendsig -> !trace, hence trace -> sendsig.
Whereas we're discussing the opposite direction: sendsig -> trace.
*But*, IMO, that direction is *suggested* by the manual.)

Anyway, this is kind of moot; I'm OK with the mutex too. :)

Thanks
Laszlo