From: "sam at gentoo dot org"
To: glibc-bugs@sourceware.org
Subject: [Bug nss/28752] New: Segfault in getpwuid when stat fails
Date: Thu, 06 Jan 2022 18:30:52 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28752

            Bug ID: 28752
           Summary: Segfault in getpwuid when stat fails
           Product: glibc
           Version: 2.34
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nss
          Assignee: unassigned at sourceware dot org
          Reporter: sam at gentoo dot org
  Target Milestone: ---

Created attachment 13894
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13894&action=edit
reproducer-seccomp.c

Originally reported in Gentoo: https://bugs.gentoo.org/828070

Discussed on libc-help here: https://sourceware.org/pipermail/libc-help/2021-December/006061.html

glib compiled with FAM support ends up crashing Firefox. Andreas Fink did some substantial debugging and ended up finding that the issue is that stat (in nss_database_check_reload_and_get) may fail when e.g. newfstatat is forbidden by a seccomp filter.

I've attached Andreas' reproducer here. Needs to be linked against libseccomp.

azanella had a simple patch which works for me:

```
diff --git a/nss/nss_database.c b/nss/nss_database.c
index d56c5b798d..24e34213cd 100644
--- a/nss/nss_database.c
+++ b/nss/nss_database.c
@@ -424,10 +424,11 @@ nss_database_check_reload_and_get (struct nss_database_state *local,
      errors here are very unlikely, but the chance that we're entering
      a container is also very unlikely, so we err on the side of both
      very unlikely things not happening at the same time. */
-  if (__stat64_time64 ("/", &str) != 0
-      || (local->root_ino != 0
-          && (str.st_ino != local->root_ino
-              || str.st_dev != local->root_dev)))
+  if (__stat64_time64 ("/", &str) != 0)
+    return false;
+
+  if (local->root_ino != 0 && (str.st_ino != local->root_ino
+                               || str.st_dev != local->root_dev))
     {
       /* Change detected; disable reloading and return current state. */
       atomic_store_release (&local->data.reload_disabled, 1);
```
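Review bot: the new early `return false` when `__stat64_time64 ("/", &str)` fails changes what a stat error means, and the comment kept as context above the check no longer describes the code. In the removed lines a stat failure fell into the same branch as a detected root change, which (per the visible context) does `atomic_store_release (&local->data.reload_disabled, 1)` and returns the current state; after the patch a stat failure bypasses that branch and reports failure to the caller instead, so please confirm that the `return false` path does not leave behind any state that branch would otherwise clean up before returning, and that every caller treats `false` as "no usable configuration" rather than using whatever it expected the function to fill in. The context comment ("errors here are very unlikely ... we err on the side of both very unlikely things not happening at the same time") still explains the old choice of folding errors into the change-detected path; update it to say that a stat failure now aborts this reload attempt rather than permanently disabling reloads, and why a transient EPERM (e.g. from a seccomp filter) should be handled that way.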