Insecure use of vfork function

ID

c.race_condition.insecure_api_vfork

Severity

low

Resource

Race Condition

Language

C / C++

Description

The vfork function has portability issues and is vulnerable to race conditions. The child process runs in the parent’s address space until it calls execve or _exit, and on some systems a user may be able to send signals to the child process running with elevated privileges. Use fork instead and be aware of potential TOCTOU vulnerabilities with file descriptors.

Rationale

The following code illustrates a vulnerable pattern detected by this rule:

#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

void vulnerable_vfork() {
    pid_t pid;
    // VULNERABLE: Insecure use of vfork function
    // vfork has race condition vulnerabilities and portability issues
    pid = vfork();
    if (pid == 0) {
        // Child process - runs in parent's address space
        // The argument list must end with a null pointer of type char *
        execl("/bin/ls", "ls", (char *)NULL);
        _exit(1);
    } else if (pid > 0) {
        // Parent process
        wait(NULL);
    }
}

Remediation

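Replace the vfork call with fork, and check file descriptors shared with the child for TOCTOU issues, as the description above advises. Follow secure coding practices and review the references below for detailed remediation guidance.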
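One way to apply the "use fork instead" guidance, shown as an added example that is not part of this rule's own documentation. The helper name spawn_with_fork and its return convention are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run `path` with `argv` in a child created by fork().
 * Returns the child's exit status (0-255), or -1 if fork/wait failed or
 * the child was terminated by a signal. */
int spawn_with_fork(const char *path, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) {
        return -1;              /* fork failed; no child exists */
    }
    if (pid == 0) {
        /* The child has its own copy of the address space, so nothing it
         * does before exec can corrupt the parent's stack or heap. */
        execv(path, argv);
        _exit(127);             /* reached only if execv failed */
    }

    int status;
    /* Wait for this specific child and retry if a signal interrupts us. */
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR) {
            return -1;
        }
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Same command as the vulnerable pattern above. */
    char *const argv[] = { "ls", NULL };
    int rc = spawn_with_fork("/bin/ls", argv);
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The child calls only execv and _exit, and the parent checks both the fork failure path and the wait result, which the flagged pattern ignores.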

Configuration

This detector does not need any configuration.