Date: Tue, 1 Oct 2019 11:29:08 +0200 From: Szabolcs Nagy <nsz@...t70.net> To: musl@...ts.openwall.com Cc: Joshua Hudson <joshudson@...il.com> Subject: Re: Re: Hangup calling setuid() from vfork() child * Florian Weimer <fweimer@...hat.com> [2019-10-01 07:54:56 +0200]: > * Joshua Hudson: > > >> Basically, the vfork() child is in an invalid state and this cannot > >> be repaired without damaging the parent. > > > > Works on glibc just fine. > > Are you sure it's changing the credentials of the right TIDs? i don't think it works on glibc (or any other linux libc for that matter) reliably because the child uses parent data structures to sync with concurrent threads and the child also clobbers the errno of the parent. but it will work usually on glibc because the signals are sent with tgkill which uses getpid + target tid and that will just fail because of the pid mismatch, i think glibc will only deadlock if the parent concurrently fiddles with the thread stack list. in any case setuid is not supportable after vfork on linux so i don't think musl should change, glibc may want to make it fail somehow to ensure users don't get the wrong idea.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.