Bug 2519 - *ftw*() and/or fxstatat() misbehaves when called from setuid processes
Status: RESOLVED INVALID
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Reported: 2006-04-06 01:47 UTC by Petr Baudis
Modified: 2018-04-19 15:11 UTC
fweimer: security-
Description Petr Baudis 2006-04-06 01:47:05 UTC
Lately (it is at least in the current CVS, not sure if it's already in some
release), ftw() and relatives were converted to use fxstatat(). The trouble is,
this will not work right with kernels not supporting the appropriate syscall:
then it is emulated by looking into /proc/self/fd/, but in case the executable
was setuid root and then the process setuid()s to a non-root user, /proc/self/fd
becomes inaccessible to it. And unfortunately, the LSB testsuite uses exactly
this setup when testing nftw().

The simple fix would be to make ftw() double-check with lstat() if fxstatat()
returns an error, or to not use fxstatat() altogether; I'm not sure if this could be
fixed properly in fxstatat() itself.
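
The lstat() double-check proposed in the description, written out as an added example (not glibc code and not from either participant in this bug). `stat_entry` and `demo` are hypothetical names, and an invalid descriptor is an assumed stand-in for the failing /proc/self/fd emulation.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not glibc code. Returns 1 if fstatat() answered,
 * 2 if the lstat() double-check answered, -1 if both failed (errno set). */
int stat_entry(int dirfd, const char *dirpath, const char *name, struct stat *st)
{
    char path[PATH_MAX];
    if (fstatat(dirfd, name, st, AT_SYMLINK_NOFOLLOW) == 0)
        return 1;
    /* Fallback re-resolves dirpath by name, so the descriptor-relative
     * guarantee is gone if a path component is swapped in between. */
    int n = snprintf(path, sizeof path, "%s/%s", dirpath, name);
    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return lstat(path, st) == 0 ? 2 : -1;
}

/* Constructed scenario: a temp directory with one file. dirfd -1 makes
 * fstatat() fail, standing in for the unusable /proc/self/fd emulation. */
int demo(void)
{
    char dir[] = "/tmp/ftw-demo-XXXXXX", file[PATH_MAX];
    struct stat a, b, c;
    int fd, dfd, r1, r2, r3;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/entry", dir);
    fd = open(file, O_CREAT | O_WRONLY, 0600);
    dfd = open(dir, O_RDONLY);
    r1 = stat_entry(dfd, dir, "entry", &a);      /* normal path */
    r2 = stat_entry(-1, dir, "entry", &b);       /* forced fallback */
    r3 = stat_entry(-1, dir, "missing", &c);     /* both calls fail */
    close(fd); close(dfd); unlink(file); rmdir(dir);
    return (r1 == 1 && r2 == 2 && r3 == -1 && a.st_ino == b.st_ino) ? 0 : 1;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "ok" : "mismatch");
    return 0;
}
```

A setuid program that relies on the fallback should treat the path-based result as less trustworthy than the descriptor-relative one, since the directory name is resolved again.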
Comment 1 Ulrich Drepper 2006-04-06 14:37:10 UTC
Then fix the kernel.