Date: Fri, 3 Dec 2021 12:15:39 -0300
Subject: Re: segmentation fault with glibc-2.34
From: Adhemerval Zanella
To: Florian Weimer, Adhemerval Zanella via Libc-help
References: <20211203143805.04797c96@anfink-laptop> <8735n9ybnj.fsf@oldenburg.str.redhat.com>
In-Reply-To: <8735n9ybnj.fsf@oldenburg.str.redhat.com>
List-Id: Libc-help mailing list

On 03/12/2021 12:02, Florian Weimer wrote:
> * Adhemerval Zanella via Libc-help:
>
>> On Fri, Dec 3, 2021 at 10:38 AM Andreas Fink via Libc-help
>> wrote:
>>>
>>> Hello,
>>> I have observed a crash in firefox with glibc-2.34 and have found a
>>> small reproducer.
>>> Is the sigsys signal handler valid? If yes, then there is a bug in
>>> glibc-2.34.
>>> If it is invalid to set the result in the context, I think the firefox
>>> sandbox is doing dodgy things.
>>>
>>> gcc test.c -lseccomp
>>> strace ./a.out
>>
>> The seccomp filter *explicitly* blocks newfstatat, which might be used
>> by getpwuid.
>
> It's used by the chroot detection. NSS assumes that a chroot has
> happened and disables module loading. This produces internal null
> pointers despite returning success from the lookup, and the callers do
> not handle that. I'm not sure how the previous code handled that.
> Indeed this is what is happening on nss_database_check_reload_and_get.
> We should probably return EPERM due to that failing stat call and
> propagate the failure to the caller. Returning ENOENT/a successful
> lookup that produces no data seems wrong.

Agreed.