dlclose with atfork handlers core dumps
Submitted by mai..@..xx.net
This report is meant to bring attention to the issue mentioned in: https://trac.macports.org/ticket/45309 and http://comments.gmane.org/gmane.os.openbsd.bugs/21076
Brief summary of the issue:
When a module (loaded via dlopen()) pulls in a library dependency whose initializer registers a child atfork handler, and that module is later closed with dlclose():
The result is that the process is left with a dangling pointer for the atfork handler. At best this crashes on the child side of fork(); at worst it leads to arbitrary code execution of whatever happens to be at that location in memory at a later time in the process.
This issue can be reproduced on OS X and OpenBSD. On the latter, for example, a WebKit-based browser (which pulls in p11-kit as a dependency) dumps core on any call to fork().
A more detailed analysis for OSX can be found in the ticket above, starting in the later comments: https://trac.macports.org/ticket/45309#comment:47
A more detailed analysis for OpenBSD is in this thread: http://comments.gmane.org/gmane.os.openbsd.bugs/21076
A possible workaround is to not call dlclose() at all, as done in the following patch: https://trac.macports.org/browser/trunk/dports/devel/glib2-devel/files/patch-gmodule-gmodule-dl.c.diff?rev=127768
This patch is confirmed to work on OpenBSD as well.