public inbox for glibc-bugs@sourceware.org
* [Bug libc/2296] New: semval could become negative
@ 2006-02-08 10:57 cees at gatso dot nl
  2006-02-08 15:23 ` [Bug libc/2296] " decimal at us dot ibm dot com
  0 siblings, 1 reply; 2+ messages in thread
From: cees at gatso dot nl @ 2006-02-08 10:57 UTC (permalink / raw)
  To: glibc-bugs

Reading through the semaphore manpages semget, semctl and semop I realized that
either the documentation is incorrect or there is a security risk.

It is possible for semval to become negative in the following way:
A semaphore is created by process #1 and initialized to 0.
Process #1 releases the semaphore and sets it to 1 using SEM_UNDO.
Process #2 attaches to the semaphore and locks it, setting it to 0.
Process #1 gets killed and semval should be set to -1!

In the documentation it is stated that semval is a positive integer. So it cannot
become -1. But according to this scheme it should be able to.

What is the behavior of the semaphore in this sequence of events?

-- 
           Summary: semval could become negative
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: cees at gatso dot nl
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=2296

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
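
The sequence from the report, replayed as an added example (not part of the original thread, and not glibc or kernel code). It assumes Linux, where the semop(2) manual page documents that an exit-time undo which would push semval below zero lowers it only as far as zero; the function name and the pipe handshake are illustrative, and the semaphore is created before fork() rather than by process #1 itself.

```c
#define _XOPEN_SOURCE 700
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>

/* Linux leaves it to the caller to define union semun. */
union semun { int val; struct semid_ds *buf; unsigned short *array; };

/* Returns semval after process #1 has exited, or -1 if setup failed. */
int semval_after_undo(void)
{
    int up_done[2], locked[2], ok, result = -1;
    char c = 'x';
    union semun zero = { .val = 0 };
    struct sembuf up   = { .sem_num = 0, .sem_op = 1,  .sem_flg = SEM_UNDO };
    struct sembuf down = { .sem_num = 0, .sem_op = -1, .sem_flg = 0 };
    pid_t pid;

    int id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    if (id < 0) return -1;
    if (semctl(id, 0, SETVAL, zero) < 0 || pipe(up_done) < 0 || pipe(locked) < 0)
        goto out;
    if ((pid = fork()) < 0) goto out;
    if (pid == 0) {                           /* child plays process #1 */
        close(up_done[0]); close(locked[1]);
        if (semop(id, &up, 1) < 0) _exit(1);  /* semval 0 -> 1, semadj = -1 */
        if (write(up_done[1], &c, 1) != 1) _exit(1);
        if (read(locked[0], &c, 1) < 0) _exit(1); /* EOF: #2 holds the lock */
        _exit(0);                             /* kernel applies semadj on exit */
    }
    close(up_done[1]); close(locked[0]);      /* parent plays process #2 */
    ok = read(up_done[0], &c, 1) == 1 && semop(id, &down, 1) == 0; /* 1 -> 0 */
    close(locked[1]);                         /* let process #1 terminate */
    close(up_done[0]);
    waitpid(pid, NULL, 0);                    /* #1 is gone, undo was applied */
    if (ok) result = semctl(id, 0, GETVAL);
out:
    semctl(id, 0, IPC_RMID);                  /* remove the test semaphore */
    return result;
}

int main(void)
{
    printf("semval after process #1 exits: %d\n", semval_after_undo());
    return 0;
}
```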



* [Bug libc/2296] semval could become negative
  2006-02-08 10:57 [Bug libc/2296] New: semval could become negative cees at gatso dot nl
@ 2006-02-08 15:23 ` decimal at us dot ibm dot com
  0 siblings, 0 replies; 2+ messages in thread
From: decimal at us dot ibm dot com @ 2006-02-08 15:23 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From decimal at us dot ibm dot com  2006-02-08 15:23 -------
The System V IPC operations are not implemented by glibc.
Taking semget() as an example.
sysdeps/unix/sysv/linux/semget.c simply makes a Linux system call.
sysvipc/semget.c returns ENOSYS for systems using glibc which provide no other
implementation.
Similarly the manual pages for these operations are not owned by glibc.
You should pursue this issue with your distro or LKML I imagine.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=2296

