Re: [PATCH v3 2/3] gssd: using syscalls directly to change thread's identity


 



> On Apr 25, 2016, at 4:23 PM, Jeff Layton <jlayton@xxxxxxxxxxxxxxx> wrote:
> 
> On Mon, 2016-04-25 at 12:58 -0400, Olga Kornievskaia wrote:
>> For the threaded version we have to set uid,gid per thread instead
>> of per process. glibc setresuid() when called from a thread, it'll
>> send a signal to all other threads to synchronize the uid in all
>> other threads. To bypass this, we have to call syscall() directly.
>> 
>> Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
>> Reviewed-by: Steve Dickson <steved@xxxxxxxxxx>
>> ---
>>  utils/gssd/gssd_proc.c | 12 +++++++++---
>>  1 file changed, 9 insertions(+), 3 deletions(-)
>> 
>> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
>> index e2e95dc..487a4f5 100644
>> --- a/utils/gssd/gssd_proc.c
>> +++ b/utils/gssd/gssd_proc.c
>> @@ -69,6 +69,7 @@
>>  #include 
>>  #include 
>>  #include 
>> +#include 
>>  
>>  #include "gssd.h"
>>  #include "err_util.h"
>> @@ -436,7 +437,7 @@ change_identity(uid_t uid)
>>  	struct passwd	*pw;
>>  
>>  	/* drop list of supplimentary groups first */
>> -	if (setgroups(0, NULL) != 0) {
>> +	if (syscall(SYS_setgroups, 0) != 0) {
>>  		printerr(0, "WARNING: unable to drop supplimentary groups!");
>>  		return errno;
>>  	}
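
Review bot: syscall(SYS_setgroups, 0) passes only the size; the list pointer that the removed setgroups(0, NULL) supplied is gone, so the kernel's second argument is whatever the register happens to hold. Pass both arguments: syscall(SYS_setgroups, 0, NULL).
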
>> @@ -457,7 +458,12 @@ change_identity(uid_t uid)
>>  	 * Switch the GIDs. Note that we leave the saved-set-gid alone in an
>>  	 * attempt to prevent attacks via ptrace()
>>  	 */
>> -	if (setresgid(pw->pw_gid, pw->pw_gid, -1) != 0) {
>> +	/* For the threaded version we have to set uid,gid per thread instead
>> +	 * of per process. glibc setresuid() when called from a thread, it'll
>> +	 * send a signal to all other threads to synchronize the uid in all
>> +	 * other threads. To bypass this, we have to call syscall() directly.
>> +	 */
>> +	if (syscall(SYS_setresgid, pw->pw_gid) != 0) {
>>  		printerr(0, "WARNING: failed to set gid to %u!\n", pw->pw_gid);
>>  		return errno;
>>  	}
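
Review bot: syscall(SYS_setresgid, pw->pw_gid) supplies only the first of the three arguments the removed setresgid(pw->pw_gid, pw->pw_gid, -1) passed, so egid and sgid are undefined and the comment's promise to leave the saved-set-gid alone no longer holds. Keep the full list: syscall(SYS_setresgid, pw->pw_gid, pw->pw_gid, -1). The new comment block also names only setresuid() although it sits above the setresgid call and the same reasoning applies to the setgroups call in the previous hunk; one comment placed before the first raw call and naming all three would be clearer.
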
>> @@ -466,7 +472,7 @@ change_identity(uid_t uid)
>>  	 * Switch UIDs, but leave saved-set-uid alone to prevent ptrace() by
>>  	 * other processes running with this uid.
>>  	 */
>> -	if (setresuid(uid, uid, -1) != 0) {
>> +	if (syscall(SYS_setresuid, uid) != 0) {
> 
> That looks wrong. setresuid takes 3 arguments:
> 
>    SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
> 
> Ditto for setresgid above. syscall is a varargs function, so you really
> _must_ pass in the right number of args or you'll end up feeding it
> random junk in registers or off the stack. The compiler won't save you
> here…

Thanks Jeff. Will fix that. setgroups takes 2 args so that should be fixed too.


>>  		printerr(0, "WARNING: Failed to setuid for user with
> uid %u\n",
>>  				uid);
>>  		return errno;
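
Review bot: syscall(SYS_setresuid, uid) needs all three arguments, as with the GID call; without an explicit -1 for suid the "leave saved-set-uid alone" comment above the call is not upheld. Use syscall(SYS_setresuid, uid, uid, -1).
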
> -- 
> Jeff Layton <jlayton@xxxxxxxxxxxxxxx>
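
Added example, not part of the original thread or of nfs-utils: the three raw calls from change_identity() with every argument the kernel expects passed explicitly, which is the point of Jeff's review. The helper names, KEEP_ID and the NR_* macros are assumptions made for illustration; the *32 selection covers 32-bit ABIs where the plain syscall names are the legacy 16-bit-ID variants.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* 32-bit ABIs: the plain names are legacy 16-bit-ID calls, so prefer *32. */
#ifdef SYS_setresuid32
#define NR_SETRESUID SYS_setresuid32
#define NR_SETRESGID SYS_setresgid32
#define NR_SETGROUPS SYS_setgroups32
#else
#define NR_SETRESUID SYS_setresuid
#define NR_SETRESGID SYS_setresgid
#define NR_SETGROUPS SYS_setgroups
#endif

#define KEEP_ID (-1L)	/* -1 asks the kernel to leave that ID unchanged */

/* Raw calls change only the calling thread. syscall() is variadic, so the
 * full argument list is spelled out; each helper returns 0 or an errno value. */
static int thread_setgroups(long n, const gid_t *list)
{
	return syscall(NR_SETGROUPS, n, list) != 0 ? errno : 0;
}

static int thread_setresgid(long rgid, long egid, long sgid)
{
	return syscall(NR_SETRESGID, rgid, egid, sgid) != 0 ? errno : 0;
}

static int thread_setresuid(long ruid, long euid, long suid)
{
	return syscall(NR_SETRESUID, ruid, euid, suid) != 0 ? errno : 0;
}

/* Same order as change_identity() in the patch: groups, GIDs, then UIDs. */
static int thread_change_identity(uid_t uid, gid_t gid)
{
	int rc;
	if ((rc = thread_setgroups(0, NULL)) != 0) return rc; /* EPERM without CAP_SETGID */
	if ((rc = thread_setresgid(gid, gid, KEEP_ID)) != 0) return rc;
	return thread_setresuid(uid, uid, KEEP_ID);
}

int main(void)
{
	return thread_change_identity(getuid(), getgid()); /* non-zero = errno */
}
```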




