This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] nptl: Fix abort in case of set*id failure

From: Florian Weimer <fweimer at redhat dot com>
To: OndÅej BÃlka <neleai at seznam dot cz>
Cc: libc-alpha at sourceware dot org
Date: Mon, 28 Apr 2014 15:06:01 +0200
Subject: Re: [PATCH] nptl: Fix abort in case of set*id failure
Authentication-results: sourceware.org; auth=none
References: <20140428120545 dot 20B0643994596 at oldenburg dot str dot redhat dot com> <20140428125059 dot GA24365 at domone dot podge>

On 04/28/2014 02:50 PM, OndÅej BÃlka wrote:

On Mon, Apr 28, 2014 at 02:03:02PM +0200, Florian Weimer wrote:

If a call to the set*id functions fails in a multi-threaded program,
the abort introduced in commit 13f7fe35ae2b0ea55dc4b9628763aafdc8bdc30c
was triggered.

We address by checking that all calls to set*id on all threads give
the same result, and only abort if we see success followed by failure
(or vice versa).


A code itself makes sense. However I am not familiar with nptl enough to decide
if its proper solution, like why there is not a race condition if other
thread calls setuid that succeeds followed by setuid that fails.

There is supposed to be locking to prevent this. I'm not entirely sureif it is sufficient, but my additions do not make things worse.


--
Florian Weimer / Red Hat Product Security Team

References:
- [PATCH] nptl: Fix abort in case of set*id failure
  - From: Florian Weimer
- Re: [PATCH] nptl: Fix abort in case of set*id failure
  - From: OndÅej BÃlka

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]