From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 23593 invoked from network); 15 Oct 2020 15:43:42 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 15 Oct 2020 15:43:42 -0000
Received: (qmail 21739 invoked by uid 550); 15 Oct 2020 15:43:36 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 21718 invoked from network); 15 Oct 2020 15:43:35 -0000
Date: Thu, 15 Oct 2020 11:43:23 -0400
From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Message-ID: <20201015154323.GT17637@brightrain.aerifal.cx>
References: <948f6fc6f3458f18152c0f8b505beec0@ispras.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <948f6fc6f3458f18152c0f8b505beec0@ispras.ru>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [musl] Why is setrlimit() considered to have per-thread effect?

On Thu, Oct 15, 2020 at 08:01:00AM +0300, Alexey Izbyshev wrote:
> Hello,
> 
> Commit 544ee752cd[1] claims that setrlimit() is per-thread on Linux,
> similarly to setxid() calls, so it should be called via
> __synccall(). But this appears to be wrong: the kernel code operates
> on tsk->signal[2], which is a per-thread-group structure. Glibc
> doesn't call setrlimit() for each thread either. Am I missing
> something?

POSIX specifies that it sets the limits for the process. If the kernel
doesn't do that, we have to implement in userspace.

> Tangentially, setgroups() is not called via __synccall(), though it
> does have per-thread effect. Is this intentional?

POSIX doesn't define setgroups, so it's up to the implementation.
Conceptually since POSIX has supplemental groups they probably
*should* be forced process-global, so maybe we should change this.

For an example that's more clear-cut, setfs[ug]id is explicitly not
process-global because it's not a security boundary and the whole
purpose is to be able to do local id changes then revert them for the
sake of performing access as a different user/group.

Rich