svn commit: r265003 - head/secure/usr.sbin/sshd

Jilles Tjoelker jilles at
Sat Aug 23 17:52:48 UTC 2014

On Fri, Aug 22, 2014 at 06:31:39PM +0300, Konstantin Belousov wrote:
> On Fri, Aug 22, 2014 at 03:43:53PM +0200, Jilles Tjoelker wrote:
> > This is good and necessary for SA_SIGINFO (because of the type of the
> > SIG_DFL and SIG_IGN constants, and because POSIX says so in the
> > description of SA_RESETHAND in the sigaction() page). However, there
> > seems no reason to clear the other flags, which have no effect when the
> > disposition is SIG_DFL or SIG_IGN but have historically always been
> > preserved. (Slight exception: if kernel code erroneously loops on
> > ERESTART, it will eat CPU time iff SA_RESTART is set, independent of the
> > signal's disposition.)
> Well, I already committed the patch with several bugs fixed comparing
> with what was mailed, before your feedback arrived.

> Do you consider it is important enough to revert the resetting of other
> flags ?  In particular, your note about the traditional historic
> behaviour makes me wonder.

I consider it important enough. Clearing the other flags is not
POSIX-compliant and might break applications. For example, I can imagine
an application modifying a struct sigaction with sa_handler == SIG_DFL
from a sigaction() call.

> I do not see why SA_SIGINFO is so special that it must be reset,
> while other flags are not.  The absence of the cases where the
> default/ignored disposition is affected by the flags seems rather
> arbitrary.

The difference is that SA_SIGINFO changes the disposition field from
sa_handler to sa_sigaction, and it is not unambiguously clear how
SIG_DFL and SIG_IGN are represented in sa_sigaction. Note that
sa_handler and sa_sigaction may or may not share storage, and
implementations may or may not support (void (*)(int, siginfo_t *, void

For example, when I wrote system() using posix_spawn() in
I needed to know whether SIGINT and SIGQUIT were ignored or not. I wrote

]	if ((intact.sa_flags & SA_SIGINFO) != 0 ||
]	    intact.sa_handler != SIG_IGN)
]		(void)sigaddset(&defmask, SIGINT);
]	if ((quitact.sa_flags & SA_SIGINFO) != 0 ||
]	    quitact.sa_handler != SIG_IGN)
]		(void)sigaddset(&defmask, SIGQUIT);

in the assumption that there is always an actual handler if SA_SIGINFO
is set. I did not really like this code and eventually system() was
changed to use vfork() directly instead of posix_spawn(), but I think it
is correct.

Note that this means that it is sometimes necessary to install a handler
function that will never be called. Per POSIX, SA_SIGINFO must be set
for sigwaitinfo() to be guaranteed to return siginfo_t data, and the
only way to do this is to specify a handler function, even though it
will never be called because the signal is masked. (A never-called
handler function also needs to be specified when using sigwait-like
functions with signals that default to ignore.)

The other flags do not affect the representation of the disposition, and
can therefore remain set without problem.

Jilles Tjoelker

More information about the svn-src-all mailing list