CXX.POSIX.VFORK

Do not use vfork()

The POSIX vfork() function should not be used because of many known security vulnerabilities.

Vulnerability and risk

POSIX-specific vfork() functions often cause undefined behavior. Also, using the vfork() function is likely to cause race conditions. If a privileged process calls the vfork() function and the child process calls the execve() function, the child process has lower privileges than the parent process, but the parent process stops while the child process is running. Therefore, an attacker can continuously request a child process and execute a denial of service attack by keeping the parent process stopped.

Mitigation and prevention

Use the fork() function instead of the vfork().

Vulnerable code example

Copy

1
2
3
4
5
6
7
8
9
10
void func(char *filename)
{
        pid_t pid = vfork();
        if (pid == 0) /* child */ {
                if (execve(filename, NULL, NULL) == -1) {
                        /* Handle error */
                }
                _exit(1); /* in case execve() fails */
        }
}

In the code above, you can use the fork() function instead of the vfork() function to prevent denial of service attacks and race conditions.