path: root/src/unistd/setxid.c
Age | Commit message | Author | Lines
2023-11-06 | ensure valid setxid return value in an unexpected error case | Markus Wichmann | -1/+1
If __synccall() fails to capture all threads because tkill fails for some reason other than EAGAIN, then the callback given will never be executed, so nothing will ever overwrite the initial value. So that is the value that will be returned from the function. The previous setting of 1 is not a valid value for setuid() et al. to return. I chose -EAGAIN since I don't know the reason the synccall failed ahead of time, but EAGAIN is a specified error code for a possibly temporary failure in setuid().
2020-10-27 | refactor setxid return path to use __syscall_ret | Rich Felker | -14/+9
this avoids some spurious negation and duplicated errno logic, and brings the code in line with the newly-added multithreaded setgroups.
2015-01-15 | for multithreaded set*id/setrlimit, handle case where callback does not run | Rich Felker | -1/+1
in the current version of __synccall, the callback is always run, so failure to handle this case did not matter. however, the upcoming overhaul of __synccall will have failure cases, in which case the callback does not run and errno is already set. the changes being committed now are in preparation for that.
2015-01-12 | remove rlimit hacks from multi-threaded set*id() code | Rich Felker | -23/+15
the code being removed was introduced to work around "partial failure" of multi-threaded set*id() operations, where some threads would succeed in changing their ids but an RLIMIT_NPROC setting would prevent the rest from succeeding, leaving the process in an inconsistent and dangerous state. however, the workaround code did not handle important usage cases like swapping real and effective uids then restoring their original values, and the wrongful kernel enforcement of RLIMIT_NPROC at setuid time was removed in Linux 3.1, making the workaround obsolete. since the partial failure still is dangerous on old kernels, and could in principle happen on post-fix kernels as well if set*id() syscalls fail for another spurious reason such as resource-related failures, new code is added to detect and forcibly kill the process if/when such a situation arises. future documentation releases should be updated to reflect that setting RLIMIT_NPROC to RLIM_INFINITY is necessary to avoid this forced-kill on old kernels. ideally, at some point the kernel will get proper multi-threaded set*id() syscalls capable of performing their actions atomically, and all of the userspace code to emulate them can be treated as a fallback for outdated kernels.
2011-07-30 | fix some bugs in setxid and update setrlimit to use __synccall | Rich Felker | -8/+6
setrlimit is supposed to be per-process, not per-thread, but again linux gets it wrong. work around this in userspace. not only is it needed for correctness; setxid also depends on the resource limits for all threads being the same to avoid situations where temporarily unlimiting the limit succeeds in some threads but fails in others.
2011-07-29 | add setxid.c for new set*id() framework. missed in last commit. | Rich Felker | -0/+49