> On Apr 25, 2016, at 4:23 PM, Jeff Layton <jlayton@xxxxxxxxxxxxxxx> wrote: > > On Mon, 2016-04-25 at 12:58 -0400, Olga Kornievskaia wrote: >> For the threaded version we have to set uid,gid per thread instead >> of per process. glibc setresuid() when called from a thread, it'll >> send a signal to all other threads to synchronize the uid in all >> other threads. To bypass this, we have to call syscall() directly. >> >> Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx> >> Reviewed-by: Steve Dickson <steved@xxxxxxxxxx> >> --- >> utils/gssd/gssd_proc.c | 12 +++++++++--- >> 1 file changed, 9 insertions(+), 3 deletions(-) >> >> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c >> index e2e95dc..487a4f5 100644 >> --- a/utils/gssd/gssd_proc.c >> +++ b/utils/gssd/gssd_proc.c >> @@ -69,6 +69,7 @@ >> #include >> #include >> #include >> +#include >> >> #include "gssd.h" >> #include "err_util.h" >> @@ -436,7 +437,7 @@ change_identity(uid_t uid) >> struct passwd *pw; >> >> /* drop list of supplimentary groups first */ >> - if (setgroups(0, NULL) != 0) { >> + if (syscall(SYS_setgroups, 0) != 0) { >> printerr(0, "WARNING: unable to drop supplimentary groups!"); >> return errno; >> } >> @@ -457,7 +458,12 @@ change_identity(uid_t uid) >> * Switch the GIDs. Note that we leave the saved-set-gid alone in an >> * attempt to prevent attacks via ptrace() >> */ >> - if (setresgid(pw->pw_gid, pw->pw_gid, -1) != 0) { >> + /* For the threaded version we have to set uid,gid per thread instead >> + * of per process. glibc setresuid() when called from a thread, it'll >> + * send a signal to all other threads to synchronize the uid in all >> + * other threads. To bypass this, we have to call syscall() directly. >> + */ >> + if (syscall(SYS_setresgid, pw->pw_gid) != 0) { >> printerr(0, "WARNING: failed to set gid to %u!\n", pw->pw_gid); >> return errno; >> } >> @@ -466,7 +472,7 @@ change_identity(uid_t uid) >> * Switch UIDs, but leave saved-set-uid alone to prevent ptrace() by >> * other processes running with this uid. >> */ >> - if (setresuid(uid, uid, -1) != 0) { >> + if (syscall(SYS_setresuid, uid) != 0) { > > That looks wrong. setresuid takes 3 arguments: > > SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) > > Ditto for setresgid above. syscall is a varargs function, so you really > _must_ pass in the right number of args or you'll end up feeding it > random junk in registers or off the stack. The compiler won't save you > here… Thanks Jeff. Will fix that. setgroups take 2 args so that should be fixed too. >> printerr(0, "WARNING: Failed to setuid for user with > uid %u\n", >> uid); >> return errno; > -- > Jeff Layton <jlayton@xxxxxxxxxxxxxxx> ��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥