public inbox for glibc-bugs@sourceware.org
* [Bug libc/28377] New: closefrom_fallback fails when /proc/self/fd is not present, which causes unexpected behavior with openssh
From: william.wilson at canonical dot com @ 2021-09-22 22:35 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28377

            Bug ID: 28377
           Summary: closefrom_fallback fails when /proc/self/fd is not
                    present, which causes unexpected behavior with openssh
           Product: glibc
           Version: 2.34
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: william.wilson at canonical dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

A valid use case of sshd is to run in a "chroot" that actually looks nothing
like a root filesystem. If this is attempted in a kernel that does not
implement the close_range syscall (5.8 or older) the fallback_closefrom
function in glibc 2.34 looks for /proc/self/fd and returns an error if it is
not found. This implementation may want to consider scenarios where
/proc/self/fd is not present.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


* [Bug libc/28377] closefrom_fallback fails when /proc/self/fd is not present, which causes unexpected behavior with openssh
From: william.wilson at canonical dot com @ 2021-09-22 22:37 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28377

--- Comment #1 from william.wilson at canonical dot com ---
I have also created https://bugzilla.mindrot.org/show_bug.cgi?id=3349 to track
this with openssh.


* [Bug libc/28377] closefrom_fallback fails when /proc/self/fd is not present, which causes unexpected behavior with openssh
From: michael.hudson at canonical dot com @ 2021-09-22 23:07 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28377

Michael Hudson-Doyle <michael.hudson at canonical dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michael.hudson at canonical dot com


* [Bug libc/28377] closefrom_fallback fails when /proc/self/fd is not present, which causes unexpected behavior with openssh
From: adhemerval.zanella at linaro dot org @ 2021-09-27 13:18 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28377

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adhemerval.zanella at linaro dot org

--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
As Florian has stated in https://bugzilla.mindrot.org/show_bug.cgi?id=3349,
there is not much we can do to make it work reliably on Linux. The RLIMIT_NOFILE
fallback that some implementations use (such as the one used on openssh at
openbsd-compat/bsd-closefrom.c) is not possible because it does not really
describe the descriptor range, and iterating over all possible file descriptor
values (INT_MAX) is prohibitive performance-wise. It might work on openssh
since it controls when and how it uses RLIMIT_NOFILE, but it is not an option for
glibc.

So I think it is a fair assumption that if you want to support closefrom() on a
kernel without the syscall support, you need to provide another feasible
kernel interface that allows it (procfs).

Another option is to either abort if /proc can not be opened or remove the
fallback (and abort() as well).

In any case, I am inclined to close this bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
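
Comment #2's point that RLIMIT_NOFILE does not describe the descriptor range, shown as an added example (not glibc or OpenSSH code, and not part of the thread): a descriptor opened before the soft limit is lowered survives an rlimit-bounded close loop, while a procfs scan finds it or fails outright when /proc/self/fd is missing. The function names and the values 10, 200 and 64 are constructed for this demo.

```c
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

enum { LOW_FD = 10, HIGH_FD = 200, SOFT_LIMIT = 64 }; /* constructed demo values */
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* RLIMIT_NOFILE-style fallback: close [lowfd, soft limit). Returns fds closed. */
static int close_below_rlimit(int lowfd) {
    struct rlimit rl; int closed = 0;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur > (rlim_t)INT_MAX) return -1;
    for (int fd = lowfd; fd < (int)rl.rlim_cur; fd++) closed += (close(fd) == 0);
    return closed;
}

/* procfs scan: close listed fds >= lowfd; -1 if /proc/self/fd cannot be opened. */
static int close_via_procfs(int lowfd) {
    DIR *d = opendir("/proc/self/fd");
    struct dirent *e; int closed = 0;
    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        char *end; long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0') continue; /* "." and ".." */
        if (fd >= lowfd && fd != dirfd(d) && close((int)fd) == 0) closed++;
    }
    closedir(d);
    return closed;
}

/* Returns 1 if HIGH_FD survives the rlimit loop once the soft limit is below it. */
static int rlimit_loop_misses_high_fd(void) {
    int p[2]; struct rlimit rl;
    if (pipe(p) != 0 || dup2(p[0], HIGH_FD) != HIGH_FD) return -1;
    close(p[0]); close(p[1]);
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    rl.rlim_cur = SOFT_LIMIT;
    if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    return close_below_rlimit(LOW_FD) < 0 ? -1 : fd_is_open(HIGH_FD);
}

int main(void) {
    printf("HIGH_FD open after rlimit loop: %d\n", rlimit_loop_misses_high_fd());
    if (close_via_procfs(LOW_FD) < 0) perror("/proc/self/fd");
    printf("HIGH_FD open after procfs scan: %d\n", fd_is_open(HIGH_FD));
}
```

Run inside a chroot without /proc, the second step reports the opendir failure and the descriptor stays open, which is the situation the report describes.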
