| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Oct 2010 18:09:20 +0800
From: Américo Wang <xiyou.wangcong@...il.com>
To: Mark Heily <mark@...ly.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: PROBLEM: setgroups(2) does not update all threads in a process
On Fri, Oct 01, 2010 at 11:11:31PM -0400, Mark Heily wrote:
>
>The setgroups(2) system call does not update the credentials for all
>threads in a process. Instead, it only updates the credentials for
>the currently executing thread. Any threads that were created before
>setgroups() was called are not affected.
>
>This is not the expected behavior according to the manpage, which states:
>
> "setgroups() sets the supplementary group IDs for the calling process."
>
>See below for a small test case that demonstrates the problem. This
>program runs successfully on FreeBSD 8 and Solaris 10, but fails on
>Linux 2.6.32.
I got the following from credentials(7):
The POSIX threads specification requires that credentials are shared by all of
the threads in a process. However, at the kernel level, Linux maintains
separate user and group credentials for each thread. The NPTL threading
implementation does some work to ensure that any change to user or group
credentials (e.g., calls to setuid(2), setresuid(2), etc.) is carried through
to all of the POSIX threads in a process.
Hope it helps.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists