This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nptl/3270] New: Setuid implementation has races and lockups
- From: "drow at sources dot redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 27 Sep 2006 15:37:11 -0000
- Subject: [Bug nptl/3270] New: Setuid implementation has races and lockups
- Reply-to: sourceware-bugzilla at sourceware dot org
I discovered a problem with the existing code for __nptl_setxid. It can set the
setxid bit in cancelhandling for a thread, and then fail to send it a signal,
leading to a lockup in start_thread during thread exit. This can happen when
the thread's stack has been allocated (under stack_cache_lock) but the thread
has not yet been created, so TID is not set in the thread descriptor.
Similarly, __nptl_setxid can miss a thread being created just before its parent
is signalled, leaving that thread with the wrong UID. There were also minor
problems, e.g. setxid_futex was never reset so the exit behavior was different
if the thread had experienced at least one prior setxid event during its lifetime.
I'll attach a patch and testcase.
--
Summary: Setuid implementation has races and lockups
Product: glibc
Version: 2.4
Status: NEW
Severity: normal
Priority: P2
Component: nptl
AssignedTo: drepper at redhat dot com
ReportedBy: drow at sources dot redhat dot com
CC: glibc-bugs at sources dot redhat dot com
GCC host triplet: x86_64-pc-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=3270
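The ordering problem in the report (a descriptor on the stack list gets its setxid flag set, the signal can never be delivered because the thread does not exist yet, and the thread then waits forever at exit) can be modelled without the real NPTL internals. The following C program is an added illustration only: it is not glibc's __nptl_setxid, not start_thread, and not the patch attached to the bug. All names in it (struct thr, struct proc, thread_allocated, thread_started, send_setxid_signal, setxid_broadcast_buggy, setxid_broadcast_checked, exit_would_lock_up, count_lockups) are invented for the model, and the "checked" broadcaster only demonstrates the invariant "never mark a thread you cannot signal"; it deliberately says nothing about the second race in the report, where a thread created just before its parent is signalled ends up with the wrong UID.

```c
/* Model of the "mark the thread, then signal it" protocol from the report.
 * Added illustration only: not glibc's __nptl_setxid and not the attached
 * patch. All identifiers below are made up for the model. */
#include <stdbool.h>
#include <stdio.h>

#define NTHREADS 3

struct thr {
    int  tid;          /* 0 until the thread exists; stands in for pd->tid */
    bool setxid_flag;  /* stands in for the setxid bit in cancelhandling */
    bool signalled;    /* true once a SIGSETXID-style signal was delivered */
};

struct proc {
    struct thr t[NTHREADS];
};

/* Models the stack being allocated under stack_cache_lock: the descriptor is
 * already on the stack list, but the thread has not been created, so tid is
 * still 0. */
static void thread_allocated(struct proc *p, int i)
{
    p->t[i].tid = 0;
    p->t[i].setxid_flag = false;
    p->t[i].signalled = false;
}

/* Models the thread actually being created: tid becomes known. */
static void thread_started(struct proc *p, int i, int tid)
{
    p->t[i].tid = tid;
}

/* A signal can only be delivered to a thread that exists. */
static bool send_setxid_signal(struct thr *t)
{
    if (t->tid == 0)
        return false;           /* nobody to signal yet: delivery fails */
    t->signalled = true;
    return true;
}

/* Buggy ordering from the report: mark every descriptor on the stack list,
 * then try to signal it; a failed send leaves the mark behind.
 * Returns the number of descriptors marked. */
static int setxid_broadcast_buggy(struct proc *p)
{
    int marked = 0;
    for (int i = 0; i < NTHREADS; i++) {
        p->t[i].setxid_flag = true;
        marked++;
        send_setxid_signal(&p->t[i]);   /* result ignored: the flaw */
    }
    return marked;
}

/* Invariant-preserving ordering: only mark a descriptor that can actually be
 * signalled, and undo the mark if delivery fails. This illustrates the
 * invariant only; it is not the fix committed for the bug. */
static int setxid_broadcast_checked(struct proc *p)
{
    int marked = 0;
    for (int i = 0; i < NTHREADS; i++) {
        if (p->t[i].tid == 0)
            continue;                   /* not created yet: nothing to signal */
        p->t[i].setxid_flag = true;
        if (!send_setxid_signal(&p->t[i]))
            p->t[i].setxid_flag = false;
        else
            marked++;
    }
    return marked;
}

/* Models the exit path in start_thread: a thread whose flag is set waits for
 * the signal handler to have run. Flag set and no signal ever delivered means
 * that wait never ends. */
static bool exit_would_lock_up(const struct thr *t)
{
    return t->setxid_flag && !t->signalled;
}

/* Constructed scenario: two running threads plus one whose stack is allocated
 * but whose tid is not yet set, then a setxid broadcast. Returns how many
 * threads would hang at exit under the given broadcaster. */
static int count_lockups(int (*broadcast)(struct proc *))
{
    struct proc p;
    for (int i = 0; i < NTHREADS; i++)
        thread_allocated(&p, i);
    thread_started(&p, 0, 1001);
    thread_started(&p, 1, 1002);
    /* p.t[2] keeps tid == 0: the window the report describes */

    broadcast(&p);

    /* the late thread is created after the broadcast and later exits */
    thread_started(&p, 2, 1003);

    int hung = 0;
    for (int i = 0; i < NTHREADS; i++)
        if (exit_would_lock_up(&p.t[i]))
            hung++;
    return hung;
}

int main(void)
{
    printf("buggy ordering:   %d thread(s) would lock up at exit\n",
           count_lockups(setxid_broadcast_buggy));
    printf("checked ordering: %d thread(s) would lock up at exit\n",
           count_lockups(setxid_broadcast_checked));
    return 0;
}
```

The model is deterministic on purpose: the race in the real code depends on scheduling, so the scenario fixes the interleaving (stack allocated, broadcast, thread created) to show why a mark without a matching signal is fatal at exit. Skipping descriptors with tid == 0 keeps the exit path safe but, as the report's second paragraph points out, a thread created in that window still needs some other mechanism to receive the new credentials.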