[PATCH] nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]
H.J. Lu
hjl.tools@gmail.com
Thu Jul 16 12:46:30 GMT 2020
On Thu, Jul 16, 2020 at 5:03 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * H. J. Lu via Libc-alpha:
>
> > nptl has
> >
> >   /* Opcodes and data types for communication with the signal handler to
> >      change user/group IDs.  */
> >   struct xid_command
> >   {
> >     int syscall_no;
> >     long int id[3];
> >     volatile int cntr;
> >     volatile int error;
> >   };
> >
> >   /* This must be last, otherwise the current thread might not have
> >      permissions to send SIGSETXID syscall to the other threads.  */
> >   result = INTERNAL_SYSCALL_NCS (cmdp->syscall_no, 3,
> >                                  cmdp->id[0], cmdp->id[1], cmdp->id[2]);
> >
> > But the second argument of setgroups syscall is a pointer:
> >
> > int setgroups(size_t size, const gid_t *list);
> >
> > But on x32, pointers passed to syscall must have pointer type so that they
> > will be zero-extended.
> >
> > Add <setxid-internal.h> to define INTERNAL_SETXID_SYSCALL_NCS and use it,
> > instead of INTERNAL_SYSCALL_NCS, for SETXID syscalls. X32 overrides it
> > with pointer type for setgroups. A testcase is added and setgroups
> > returned with EFAULT when running as root without the fix.
>
> Isn't it sufficient to change the type of id to unsigned long int[3]?
> The UID arguments are unsigned on the kernel side, so no sign extension
> is required.
>
It works. Here is the updated patch. OK for master?
Thanks.
--
H.J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-nptl-Zero-extend-arguments-to-SETXID-syscalls-BZ-262.patch
Type: text/x-patch
Size: 4703 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/libc-alpha/attachments/20200716/717f60c7/attachment.bin>
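Why a pointer stored in a `long int` slot fails on x32 while an `unsigned long int` slot works, as an added example that is not part of the original message or of glibc. It models the x32 widths with fixed-width types (x32 `long int` as `int32_t`, a syscall argument register as `uint64_t`); the helper names and both addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of x32: `long int` is 32 bits, syscall registers are 64 bits. */
typedef int32_t  x32_long;   /* stands in for x32 `long int` */
typedef uint32_t x32_ulong;  /* stands in for x32 `unsigned long int` */

/* Old layout: the address is stored in a signed 32-bit slot, then widened
   to a 64-bit register. Widening a signed value sign-extends. */
static uint64_t reg_from_long_slot(uint32_t addr)
{
    x32_long slot;
    memcpy(&slot, &addr, sizeof slot);   /* same bits, signed type */
    return (uint64_t)(int64_t)slot;
}

/* Proposed layout: unsigned 32-bit slot. Widening zero-extends. */
static uint64_t reg_from_ulong_slot(uint32_t addr)
{
    x32_ulong slot = addr;
    return (uint64_t)slot;
}

/* The kernel sees a valid user pointer only if the upper 32 bits are zero. */
static int address_preserved(uint64_t reg, uint32_t addr)
{
    return reg == (uint64_t)addr;
}

int main(void)
{
    /* Constructed sample addresses: one below and one above 2 GiB. */
    const uint32_t samples[] = { 0x00402000u, 0xf7ffd000u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t s = reg_from_long_slot(samples[i]);
        uint64_t u = reg_from_ulong_slot(samples[i]);
        printf("addr 0x%08" PRIx32 ": long slot -> 0x%016" PRIx64 " (%s), "
               "unsigned long slot -> 0x%016" PRIx64 " (%s)\n",
               samples[i],
               s, address_preserved(s, samples[i]) ? "ok" : "bad pointer",
               u, address_preserved(u, samples[i]) ? "ok" : "bad pointer");
    }
    return 0;
}
```

Only addresses with bit 31 set are corrupted by the signed slot, so the failure depends on where the group list happens to be allocated.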