This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] nptl: Fix abort in case of set*id failure
- From: Florian Weimer <fweimer at redhat dot com>
- To: OndÅej BÃlka <neleai at seznam dot cz>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 28 Apr 2014 15:06:01 +0200
- Subject: Re: [PATCH] nptl: Fix abort in case of set*id failure
- Authentication-results: sourceware.org; auth=none
- References: <20140428120545 dot 20B0643994596 at oldenburg dot str dot redhat dot com> <20140428125059 dot GA24365 at domone dot podge>
On 04/28/2014 02:50 PM, OndÅej BÃlka wrote:
On Mon, Apr 28, 2014 at 02:03:02PM +0200, Florian Weimer wrote:
If a call to the set*id functions fails in a multi-threaded program,
the abort introduced in commit 13f7fe35ae2b0ea55dc4b9628763aafdc8bdc30c
We address by checking that all calls to set*id on all threads give
the same result, and only abort if we see success followed by failure
(or vice versa).
A code itself makes sense. However I am not familiar with nptl enough to decide
if its proper solution, like why there is not a race condition if other
thread calls setuid that succeeds followed by setuid that fails.
There is supposed to be locking to prevent this. I'm not entirely sure
if it is sufficient, but my additions do not make things worse.
Florian Weimer / Red Hat Product Security Team