path: root/src/signal/sigfillset.c
author Rich Felker <dalias@aerifal.cx> 2015-01-15 23:17:38 -0500
committer Rich Felker <dalias@aerifal.cx> 2015-01-15 23:17:38 -0500
commit 78a8ef47c4d92b7680c52a85f80a81e29da86bb9 (patch)
tree 1363937775b3086470251c8ad9c7f292ce9b6bd9 /src/signal/sigfillset.c
parent 7152a61a3ab16eacd8ecb94b81641d76c78958b0 (diff)
overhaul __synccall and fix AS-safety and other issues in set*id

multi-threaded set*id and setrlimit use the internal __synccall function to work around the kernel's wrongful treatment of these process properties as thread-local. the old implementation of __synccall failed to be AS-safe, despite POSIX requiring setuid and setgid to be AS-safe, and was not rigorous in assuring that all threads were caught. in a worst case, threads late in the process of exiting could retain permissions after setuid reported success, in which case attacks to regain dropped permissions may have been possible under the right conditions.

the new implementation of __synccall depends on the presence of /proc/self/task and will fail if it can't be opened, but is able to determine that it has caught all threads, and does not use any locks except its own. it thereby achieves AS-safety simply by blocking signals to preclude re-entry in the same thread.

with this commit, all known conformance and safety issues in set*id functions should be fixed.
Diffstat (limited to 'src/signal/sigfillset.c')
0 files changed, 0 insertions, 0 deletions
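
The commit message describes credentials that the Linux kernel tracks per thread and a thread list exposed at /proc/self/task. As an added example (not code from musl or from this commit), the following C sketch shows a post-drop check a program can run after setuid returns: it reads the `Uid:` line of every thread's status file and reports whether they all agree. The function names `parse_uid_line` and `threads_uid_consistent` are hypothetical, and a Linux procfs mounted at /proc is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Extract real, effective, saved and fs UIDs from the "Uid:" line of a
 * /proc/<pid>/task/<tid>/status buffer. Returns 0 on success, -1 if absent. */
int parse_uid_line(const char *status, unsigned ids[4])
{
    for (const char *p = status; p; p = strchr(p, '\n'), p = p ? p + 1 : p)
        if (!strncmp(p, "Uid:", 4))
            return sscanf(p + 4, "%u %u %u %u",
                          &ids[0], &ids[1], &ids[2], &ids[3]) == 4 ? 0 : -1;
    return -1;
}

/* Hypothetical helper: 1 if every thread listed in task_dir reports the same
 * four UIDs, 0 on a mismatch, -1 if nothing could be read or parsed. */
int threads_uid_consistent(const char *task_dir)
{
    unsigned first[4], cur[4];
    int seen = 0, result = 1;
    struct dirent *e;
    DIR *d = opendir(task_dir);
    if (!d) return -1;
    while (result == 1 && (e = readdir(d))) {
        char path[512], buf[4096];
        if (e->d_name[0] == '.') continue;      /* skip "." and ".." */
        snprintf(path, sizeof path, "%s/%s/status", task_dir, e->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;                       /* entry vanished during the scan */
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        buf[n] = 0;
        if (parse_uid_line(buf, cur)) result = -1;
        else if (!seen++) memcpy(first, cur, sizeof first);
        else if (memcmp(first, cur, sizeof first)) result = 0;
    }
    closedir(d);
    return seen ? result : -1;
}

int main(void)
{
    int r = threads_uid_consistent("/proc/self/task");
    puts(r == 1 ? "all threads agree" : r ? "cannot verify" : "UID MISMATCH");
    return r == 1 ? 0 : 1;
}
```

A privilege-dropping program would treat any result other than 1 as a failed drop and terminate rather than continue with mixed credentials.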