From: "bugdal at aerifal dot cx"
To: glibc-bugs@sources.redhat.com
Subject: [Bug nptl/13347] Threaded setuid() can wrongly report success when failing to drop privileges
Date: Tue, 24 Jul 2012 23:04:00 -0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nptl
X-Bugzilla-Severity: normal
X-Bugzilla-Status: WAITING
X-Bugzilla-Priority: P2

http://sourceware.org/bugzilla/show_bug.cgi?id=13347

--- Comment #5 from Rich Felker 2012-07-24 23:04:20 UTC ---
By the user, I assume you mean the calling application. The problem is that there's no established way to report "something beyond your control went horribly wrong and you're in an inconsistent state" to the application. You can report failure, but applications are likely to assume this means the call had no effect, not that it had a partial effect.

Ultimately, Linux should add a proper setuid syscall that affects all threads of the current process (thread group) atomically, and glibc should use that if it's available and only fall back to the ugly method currently in use on older kernels that don't provide the new syscall.

Anyway, I'll start out with a patch to make it report failure, and see where things go from there...