From: Lance Chen
Newsgroups: gmane.linux.lib.musl.general
Subject: AS-safe change for multithreaded setxid breaks chroot() along with set*id()
Date: Sat, 2 Apr 2016 04:22:49 +0800
Message-ID: <20160401202249.GB961@lalala>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

Hello there,

I have been trying to run powerdns on Alpine Linux, which features musl, without success. It turns out that the AS-safe strategy introduced in the patch http://git.musl-libc.org/cgit/musl/commit/?id=78a8ef47c4d92b7680c52a85f80a81e29da86bb9, especially the use of reading /proc/self/task, causes the failure.

The failure condition is a combination of three features, pthread, chroot, and set*id. After chroot()'ing to some directory, calling set*id() will try to access /proc/self/task, and fail to find the directory in the new root.

I've created a minimal POC at https://gist.github.com/Lance0312/c7a82793e35b322bfbdfe96b79dd3152.

I understand how important it is to make set*id calls AS-safe, but there might be a bunch of programs using set*id along with pthread and chroot.
(postfix could be one of them, I haven't taken a deeper look at it though) And I think it does not quite make sense to ask users not to use the combination of the three features.

Does anyone have any possible fix for this? Or does anyone know any WIP on the Linux kernel to provide a truly atomic set*id syscall among threads?

Related thread:
Fixing multithreaded set*id() AS-safety
http://www.openwall.com/lists/musl/2014/12/20/1

Cheers,
Lance Chen
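
A small harness for the condition described in this message, added here as an illustration and not the poster's PoC from the gist: it checks whether /proc/self/task would still resolve inside a prospective chroot, then runs thread + chroot() + setuid() in a child process and reports which step failed. The function names, the /var/empty default and uid 65534 are assumptions.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { STEP_OK = 0, FAIL_THREAD = 1, FAIL_CHROOT = 2, FAIL_SETUID = 3, FAIL_FORK = 4 };

/* Preflight: will /proc/self/task still resolve once `root` is the new root? */
int task_dir_visible_in(const char *root)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/proc/self/task", root);
    if (n < 0 || (size_t)n >= sizeof path)
        return 0;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

static void *idle(void *arg) { pause(); return arg; }

/* Runs the three-feature sequence in a child so the caller is never jailed:
 * start a thread, chroot(root), then setuid(uid). Returns the failing step.
 * A real daemon would also call setgroups()/setgid() before setuid(). */
int try_sequence(const char *root, uid_t uid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return FAIL_FORK;
    if (pid == 0) {
        pthread_t t;
        if (pthread_create(&t, NULL, idle, NULL) != 0)
            _exit(FAIL_THREAD);
        if (chroot(root) != 0 || chdir("/") != 0)
            _exit(FAIL_CHROOT);
        if (setuid(uid) != 0)            /* never ignore this return value */
            _exit(FAIL_SETUID);
        _exit(getuid() == uid ? STEP_OK : FAIL_SETUID);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return FAIL_FORK;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/var/empty"; /* assumed default jail */
    printf("task dir visible in jail: %d\n", task_dir_visible_in(root));
    printf("sequence result: %d\n", try_sequence(root, 65534)); /* 65534: assumed uid */
    return 0;
}
```

Run as root against the intended jail directory; a result of 3 (FAIL_SETUID) together with a preflight of 0 matches the failure reported in this message.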