This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/2519] New: *ftw*() and/or fxstatat() misbehaves when called from setuid processes
- From: "pasky at suse dot cz" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 6 Apr 2006 01:47:06 -0000
- Subject: [Bug libc/2519] New: *ftw*() and/or fxstatat() misbehaves when called from setuid processes
- Reply-to: sourceware-bugzilla at sourceware dot org
Lately (it is at least in the current CVS, not sure if it's already in some
release), ftw() and relatives were converted to use fxstatat(). The trouble is,
this will not work right with kernels not supporting the appropriate syscall:
then it is emulated by looking into /proc/self/fd/, but in case the executable
was setuid root and then the process setuid()s to a non-root user, /proc/self/fd
becomes inaccessible to it. And unfortunately, the LSB testsuite uses exactly
this setup when testing nftw().
The simple fix would be to make ftw() double-check with lstat() if fxstatat()
returns error or not use fxstatat() altogether; I'm not sure if this could be
fixed properly in fxstatat() itself.
--
Summary: *ftw*() and/or fxstatat() misbehaves when called from
setuid processes
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: pasky at suse dot cz
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=2519
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.