On Sun, 08 May 2016 at 15:44:17 +0100, Ian Jackson wrote: > It is a bug to execute a program with SIGPIPE ignored without its > consent. (Or to put it another way, it is not part of the > specification of programs in general, on a unix system, that they will > function correctly if run with anomalous signal configuration.)
The anecdotal evidence is that programs in general do not necessarily function correctly if SIGPIPE is *not* ignored, either; one major problem with SIGPIPE is that it is also sent when disconnected from a TCP or AF_UNIX socket (unless the relatively recent MSG_NOSIGNAL flag is used on every read and every write), and that's hardly ever what the author of the networking code expected or intended. dbus-daemon did start activatable services with SIGPIPE unignored at one point, and it broke services in practice: see <https://bugs.freedesktop.org/show_bug.cgi?id=56043>. (You'll notice that I used basically the same arguments there that you are using here, and was overruled.) systemd also starts services with SIGPIPE ignored by default (there is an IgnoreSIGPIPE=false option which unit files can use if desired, see systemd.exec(5)). libdbus also used to ignore SIGPIPE unconditionally when used. This one was clearly a bug, because libraries shouldn't alter global state, but immediately exiting from the default SIGPIPE handler when disconnected from the bus (with no opportunity for cleanup) was considered to be a worse bug. We now use MSG_NOSIGNAL if supported, and only ignore SIGPIPE globally if there is no MSG_NOSIGNAL. I'm not sure whether this is wontfix or "not a bug", but either way it's unlikely to change. Would you feel better about it if the D-Bus Specification specifically said that activatable services on Unix are started with SIGPIPE ignored? S
