seccomp ratsnets: crypto using threads

Hal Murray hmurray at
Sat Nov 25 13:09:02 UTC 2017

kurt at said:
> This means that when we initialize a global variable we use the
> pthread_once() function, which internally uses the futex to do that. It's
> not using threads itself, it's just making sure that if you use threads
> things work properly. 


Do we have to link with pthread, or is there a dummy/backup pthread_once() 
available for things like this if we are not using threads?

> I think if you want to use seccomp you can really expect to get such
> breakage from time to time when libraries or the kernel change.
> ...


It's even worse than that.  It's hard to test.  I was just lucky enough to 
stumble into this one before a user found it.

These are my opinions.  I hate spam.

More information about the devel mailing list