| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 01 Oct 2010 23:11:31 -0400
From: Mark Heily <mark@...ly.com>
To: linux-kernel@...r.kernel.org
Subject: PROBLEM: setgroups(2) does not update all threads in a process
The setgroups(2) system call does not update the credentials for all threads
in a process. Instead, it only updates the credentials for the currently
executing thread. Any threads that were created before setgroups() was
called are not affected.
This is not the expected behavior according to the manpage, which states:
"setgroups() sets the supplementary group IDs for the calling process."
See below for a small test case that demonstrates the problem. This program
runs successfully on FreeBSD 8 and Solaris 10, but fails on Linux 2.6.32.
I'm not subscribed to LKML, so please CC: all replies to my personal email
address (mark@...ly.com).
Cheers,
- Mark
/*
* Copyright (c) 2010 Mark Heily <mark@...ly.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
Test if setgroups(3) has process or thread scope.
Example usage:
gcc -Wall check_setgroups.c -lpthread && sudo ./a.out
*/
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <pthread.h>
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER;
void print_cred(void);
void drop_privs(void);
void drop_privs(void) {
gid_t gid = 1;
if (setgid(1) != 0) err(1, "setgid");
if (setgroups(1, &gid) != 0) err(1, "setgroups");
if (setuid(1) != 0) err(1, "setuid");
printf("dropped privileges: ");
print_cred();
}
void cmp_privs(uid_t uid, gid_t gid, gid_t groups) {
gid_t buf;
if (getgid() != gid) errx(1, "wrong gid");
if (getuid() != uid) errx(1, "wrong uid");
if (getgroups(1, &buf) != 1) err(1, "getgroups");
if (buf != groups)
errx(1, "ERROR: getgroups() returned %d but expected %d\n", buf,
groups);
}
void print_cred(void) {
gid_t groups[100];
int i, ngroups;
ngroups = getgroups(100, groups);
if (ngroups < 0)
err(1, "getgroups");
printf("uid=%d gid=%d groups=", getuid(), getgid());
for (i = 0; i <ngroups; i++) {
printf("%d ", groups[i]);
}
printf("\n");
}
void * thread_main(void *unused) {
pthread_mutex_lock(&mtx);
cmp_privs(1,1,1);
return (NULL);
}
int main() {
pthread_t tid;
pthread_attr_t attr;
if (getuid() != 0)
errx(1, "ERROR: this must be run as root");
pthread_mutex_lock(&mtx);
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);
pthread_create(&tid, &attr, thread_main, NULL);
drop_privs();
cmp_privs(1,1,1);
pthread_mutex_unlock(&mtx);
pthread_join(tid, NULL);
puts("+OK");
exit(0);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists