This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nptl/13347] Threaded setuid() can wrongly report success when failing to drop privileges
- From: "carlos_odonell at mentor dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 25 Jul 2012 02:20:32 +0000
- Subject: [Bug nptl/13347] Threaded setuid() can wrongly report success when failing to drop privileges
- Auto-submitted: auto-generated
- References: <bug-13347-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13347
--- Comment #6 from Carlos O'Donell <carlos_odonell at mentor dot com> 2012-07-25 02:20:32 UTC ---
(In reply to comment #5)
> By the user, I assume you mean the calling application. The problem is that
> there's no established way to report "something beyond your control went
> horribly wrong and you're in an inconsistent state" to the application. You can
> report failure, but applications are likely to assume this means the call had
> no effect, not that it had a partial effect.
>
> Ultimately, Linux should add a proper setuid syscall that affects all threads
> of the current process (thread group) atomically, and glibc should use that if
> it's available and only fallback to the ugly method currently in use on older
> kernels that don't provide the new syscall.
>
> Anyway I'll start out with a patch to make it report failure, and see where
> things go from there...
Thanks Rich, you're work is appreciated.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.