| author | Markus Wichmann <nullplan@gmx.net> | 2023-10-31 17:03:44 +0100 | 
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2023-11-06 13:05:24 -0500 | 
| commit | 7f3a2925369c00abc33457400e33632e6dacb8ae (patch) | |
| tree | 03eefaabaefd100ef7e346f5f10326e8490a5638 /src/unistd/setreuid.c | |
| parent | 5baf2d92d3ed82960c419cb6093fbcdd028dde11 (diff) | |
| download | musl-7f3a2925369c00abc33457400e33632e6dacb8ae.tar.gz | |
synccall: add separate exit_sem to fix thread release logic bug

The code intends for the sem_post() in line 97 (now 98) to only unblock
target threads waiting on line 29. But after the first thread is
released, the next sem_post() might also unblock a thread waiting on
line 36. That would cause the thread to return to the execution of user
code before all threads are done, leading to user code being executed in
a mixed-credentials environment.

What's more, if this happens more than once, then the mass release on
line 110 (now line 111) will cause multiple threads to execute the
callback at the same time, and the callbacks are currently not written
to cope with that situation.

Adding another semaphore allows the caller to say explicitly which
threads it wants to release.

Diffstat (limited to 'src/unistd/setreuid.c')
0 files changed, 0 insertions, 0 deletions
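
The release-order problem the commit message describes can be checked with a small deterministic model. This is an added example, not musl's code and not part of the commit: `simulate`, the state names and the worst-case wake policy are assumptions, the fix is modelled as the second wait getting its own semaphore, and the quoted line numbers are the ones the commit message cites.

```c
#include <stdio.h>

/* Deterministic model of the release logic in the commit message.
 * Assumed names throughout; this is not musl's synccall code. */
enum state { WAIT_CB,    /* parked at the first wait ("line 29") */
             WAIT_EXIT,  /* callback done, parked at the second wait ("line 36") */
             GONE };     /* returned to user code */

struct result { int early_returns; int callbacks_at_release; };

/* separate_exit_sem = 0: both waits share one semaphore (before the fix).
 * separate_exit_sem = 1: the second wait has its own semaphore (the fix).
 * Wake policy is the worst case: a post on a shared semaphore wakes a
 * thread at the second wait whenever one is parked there. */
struct result simulate(int nthreads, int separate_exit_sem)
{
    enum state st[16];
    struct result r = {0, 0};
    int i, t;
    if (nthreads > 16) nthreads = 16;
    for (t = 0; t < nthreads; t++) st[t] = WAIT_CB;

    /* Serialized phase ("line 97"): one post per caught thread. */
    for (i = 0; i < nthreads; i++) {
        int woke = -1;
        if (!separate_exit_sem)
            for (t = 0; t < nthreads && woke < 0; t++)
                if (st[t] == WAIT_EXIT) woke = t;
        for (t = 0; t < nthreads && woke < 0; t++)
            if (st[t] == WAIT_CB) woke = t;
        if (woke < 0) break;
        if (st[woke] == WAIT_EXIT) { st[woke] = GONE; r.early_returns++; }
        else st[woke] = WAIT_EXIT;   /* ran the callback alone */
    }
    /* Mass release ("line 110"): threads still at the first wait all
     * start the callback together; more than one means concurrency. */
    for (t = 0; t < nthreads; t++)
        if (st[t] == WAIT_CB) r.callbacks_at_release++;
    return r;
}

int main(void)
{
    struct result bug = simulate(4, 0), fix = simulate(4, 1);
    printf("shared:   early=%d at_release=%d\n", bug.early_returns, bug.callbacks_at_release);
    printf("separate: early=%d at_release=%d\n", fix.early_returns, fix.callbacks_at_release);
    return 0;
}
```

With four caught threads and a shared semaphore, the model shows two threads returning to user code early and two threads left to start the callback together at the mass release; with a separate exit semaphore both counts are zero.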
