使用 Sys::SigAction::timeout_call 不安全? [英] use of Sys::SigAction::timeout_call unsafe?

问题描述

我刚刚阅读了 Leon Timmermans 的文章 关于基于信号的超时你应该知道什么 我想知道它如何/是否适用于 Sys::SigAction::timeout_call().

I've just read Leon Timmermans' article What you should know about signal based timeouts and I was wondering how it/if it applies to the use of Sys::SigAction::timeout_call().

1) 首先，似乎 timeout_call() 使用了 longjmp 和不安全信号，因此 CERT 安全编码规则 SIG32-C 适用.

1) First of all, it seems that timeout_call() uses longjmp and unsafe signals, and therefore CERT Secure Coding rule SIG32-C is applicable.

2) 如果被监控超时的代码只包含纯 perl 代码(即不调用 XS 模块)，使用 timeout_call 是否安全?

2) Is timeout_call safe to use if the code being monitored for timeouts only contains pure-perl code (i.e. no calls to XS modules)?

推荐答案

1) timeout_call() 使用几乎完全相同的习语将系统调用包装在 eval/alarm 中代码>块作为莱昂的例子:

1) timeout_call() uses almost the exact same idiom to wrap a system call in an eval/alarm block as Leon's example:

my $ALARM_EXCEPTION = "alarm clock restart";
my $h;
eval {
    $h = set_sig_handler('ALRM', sub { die $ALARM_EXCEPTION }, { });
    alarm 10;
    flock $fh, 2 or die "cannot flock: $!";
    alarm 0;
};
alarm 0;
$SIG{ALRM} = $h;
if ($@ && $@ !~ quotemeta($ALARM_EXCEPTION)) { die }

因此，如果 set_sig_handler 禁用/覆盖安全信号处理，那么 timeout_call 也会.

So if set_sig_handler disables/overrides safe signal handling, then timeout_call will, too.

2) 纯 Perl 仍然可以与操作系统进行大量交互，并且每个系统调用对信号的响应方式可能因平台而异.所以总的来说答案是否定的.

2) Pure Perl can still have plenty of interaction with the operating system, and how each system call responds to signals can vary widely between platforms. So in general the answer is no.

这篇关于使用 Sys::SigAction::timeout_call 不安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！