This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



Re: ld.so setuid bug?


On Sat, Sep 04, 2004 at 02:02:25AM -0700, Ulrich Drepper wrote:
> Doesn't fail for me, with the fc3 glibc or my own builds.

The failure works like this:

	check_one_fd uses __libc_fcntl.

	__libc_fcntl uses SINGLE_THREAD_P.  

	Since this is rtld, and not libpthread or libc, SINGLE_THREAD_P
	expands to THREAD_GETMEM.  Which would be fine, except ...

	We didn't set up the thread pointer because ld-linux.so.2 
	doesn't have a TLS PHDR.

Given that this is all true for x86 as well, I'm not sure why
things don't crash there.  The following does fix the problem,
and is in keeping with the open_no_cancel call just below.


r~


2004-09-05  Richard Henderson  <rth@redhat.com>

	* sysdeps/generic/check_fds.c (check_one_fd): Use fcntl_not_cancel.

Index: sysdeps/generic/check_fds.c
===================================================================
RCS file: /cvs/glibc/libc/sysdeps/generic/check_fds.c,v
retrieving revision 1.9
diff -c -p -d -u -r1.9 check_fds.c
--- sysdeps/generic/check_fds.c	23 Apr 2003 01:54:03 -0000	1.9
+++ sysdeps/generic/check_fds.c	5 Sep 2004 11:10:45 -0000
@@ -41,7 +41,7 @@ static void
 check_one_fd (int fd, int mode)
 {
   /* Note that fcntl() with this parameter is not a cancellation point.  */
-  if (__builtin_expect (__libc_fcntl (fd, F_GETFD), 0) == -1
+  if (__builtin_expect (fcntl_not_cancel (fd, F_GETFD, 0), 0) == -1
       && errno == EBADF)
     {
       struct stat64 st;
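
Review bot: the comment left above the changed call in check_one_fd ("fcntl() with this parameter is not a cancellation point") no longer explains the code beneath it, and read on its own it suggests the plain __libc_fcntl call was sufficient. Suggest rewording it to record the reason given in the message: this path runs in rtld where the thread pointer has not been set up, so the call must not go through anything that evaluates SINGLE_THREAD_P. Without that, a later cleanup could switch the line back to __libc_fcntl on the strength of the existing comment. It would also help to note that the third argument 0 is only there to satisfy the fcntl_not_cancel form and is unused for F_GETFD.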

