Re: [RFC PATCH v2 2/3] gssd: using syscalls directly to change thread's identity

On 04/20/2016 05:12 PM, Olga Kornievskaia wrote:
> For the threaded version we have to set uid,gid per thread instead
> of per process. When glibc setresuid() is called from a thread, it
> sends a signal to all other threads to synchronize the uid in all
> other threads. To bypass this, we have to call syscall() directly.
> 
> Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
> Reviewed-by: Steve Dickson <steved@xxxxxxxxxx>
> ---
>  utils/gssd/gssd_proc.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
> index 581a125..5d9a6db 100644
> --- a/utils/gssd/gssd_proc.c
> +++ b/utils/gssd/gssd_proc.c
> @@ -69,6 +69,7 @@
>  #include <netdb.h>
>  #include <sys/types.h>
>  #include <sys/wait.h>
> +#include <syscall.h>
>  
>  #include "gssd.h"
>  #include "err_util.h"
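
Review bot: the added `#include <syscall.h>` should be `#include <sys/syscall.h>`, the header that syscall(2) documents for the SYS_* constants. `<syscall.h>` is only a glibc convenience wrapper around it. syscall() itself is declared in `<unistd.h>`, so it is worth confirming that header is already included in this file.
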
> @@ -457,7 +458,12 @@ change_identity(uid_t uid)
>  	 * Switch the GIDs. Note that we leave the saved-set-gid alone in an
>  	 * attempt to prevent attacks via ptrace()
>  	 */
> -	if (setresgid(pw->pw_gid, pw->pw_gid, -1) != 0) {
> +	/* For the threaded version we have to set uid,gid per thread instead
> +	 * of per process. glibc setresuid() when called from a thread, it'll
> +	 * send a signal to all other threads to synchronize the uid in all
> +	 * other threads. To bypass this, we have to call syscall() directly.
> +	 */
> +	if (syscall(SYS_setresgid, pw->pw_gid) != 0) {
>  		printerr(0, "WARNING: failed to set gid to %u!\n", pw->pw_gid);
>  		return errno;
>  	}
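
Review bot: `syscall(SYS_setresgid, pw->pw_gid)` passes one argument to a system call that takes three, so the effective and saved GID values are left to whatever happens to be in the remaining argument registers. The removed line passed `pw->pw_gid, pw->pw_gid, -1`, and the existing comment still says the saved-set-gid is left alone, which requires the explicit -1. Suggest `syscall(SYS_setresgid, pw->pw_gid, pw->pw_gid, -1)`. The new comment also talks about setresuid() although it sits above the setresgid call; naming both calls would read better.
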
> @@ -466,7 +472,7 @@ change_identity(uid_t uid)
>  	 * Switch UIDs, but leave saved-set-uid alone to prevent ptrace() by
>  	 * other processes running with this uid.
>  	 */
> -	if (setresuid(uid, uid, -1) != 0) {
> +	if (syscall(SYS_setresuid, uid) != 0) {
>  		printerr(0, "WARNING: Failed to setuid for user with uid %u\n",
>  				uid);
>  		return errno;
> 
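Review bot: `syscall(SYS_setresuid, uid)` has the same missing-argument problem as the GID hunk: the removed line passed `uid, uid, -1`, and the raw syscall needs all three, otherwise the effective and saved UID arguments are undefined and the "leave saved-set-uid alone" behaviour described in the comment is not guaranteed. Suggest `syscall(SYS_setresuid, uid, uid, -1)`. Since this is the call that actually drops privilege for the thread, it is also worth keeping the `!= 0` failure path returning before any work is done on the user's behalf, as the context lines do.
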
We also have to do the same thing to the setgroups() call at the
top of change_identity(). So add the following diff to this 
patch and we are good to go... 

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e651d71..2f9f8ab 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -437,7 +437,7 @@ change_identity(uid_t uid)
        struct passwd   *pw;
 
        /* drop list of supplimentary groups first */
-       if (setgroups(0, NULL) != 0) {
+       if (syscall(SYS_setgroups, 0) != 0) {
                printerr(0, "WARNING: unable to drop supplimentary groups!");
                return errno;
        }
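
Review bot: `syscall(SYS_setgroups, 0)` drops the list pointer that the removed `setgroups(0, NULL)` passed, so the second syscall argument is left undefined. Pass it explicitly: `syscall(SYS_setgroups, 0, NULL)`. While touching this block, the printerr() string in the context line has no trailing "\n", unlike the other warnings in change_identity(), and "supplimentary" is misspelled in both the comment and the message.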

steved.