From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: setrlimit hangs the process
Date: Tue, 25 Sep 2018 12:38:50 -0400
Message-ID: <20180925163850.GL17995@brightrain.aerifal.cx>
In-Reply-To: <20180925153605.GF10209@port70.net>
On Tue, Sep 25, 2018 at 05:36:05PM +0200, Szabolcs Nagy wrote:
> * Rabbitstack <rabbitstack7@gmail.com> [2018-09-25 16:54:37 +0200]:
> > Sorry. Let me describe the problem in more detail.
> >
> > The process only hangs when launched without root privileges on the host
> > (Arch Linux x64 with kernel 4.17.5-1) where Alpine docker container is
> > running. Once with root privileges, it starts up correctly (but this is
> > obvious since it doesn't hit setrlimit call). The odd side is that on other
> > hosts it hangs even when started with root. No error messages so far.
> > Strace output:
> >
> > $ sudo strace -p 9285
> >
> > futex(0x2cddfc0, FUTEX_WAIT_PRIVATE, 0, NULL
> >
> > $ sudo strace -f -p 9285
> >
> > .....
> > [pid 9287] getdents64(10, /* 14 entries */, 2048) = 336
> > [pid 9287] tgkill(9285, 9285, SIGRT_2) = 0
> > [pid 9287] futex(0x7efbff70008c, FUTEX_LOCK_PI_PRIVATE,
> > {tv_sec=1537887068, tv_nsec=51442144}) = -1 ETIMEDOUT (Connection timed out)
>
> it looks like musl tries to sync a setuid call across
> all threads (which is necessary since the linux syscall
> only changes the uid for the current thread instead of
> all threads so you can end up with different privileges
> in the same address space which is dangerous as well as
> non-POSIX-conforming setuid behaviour)
>
> it's possible that the setuid syncing is somehow wrong
> in musl, but it's more likely that there are threads
> that are not created by the c runtime (but from go) and
> thus the sync cannot possibly work.
It actually can kinda work with such threads. musl's stop-the-world
__synccall pokes all kernel-level threads in the same process (thread
group) as the caller using signals and /proc/self/task to ensure it
didn't miss any, so it will work as long as they haven't blocked
libc-internal signals. There may be problems with the thread pointer
being invalid, though. The __synccall framework itself does not use
the TCB, but other stuff in the callback might. This should probably
be fixed.
> so try to look for where set*id is called and ensure it
> is not called or called before any threads are created
> (or at least before any go threads are created)
>
> note that syscall.Set*id from go does not work either,
> it does not sync the threads (which is dangerously
> broken for a runtime that's always multi-threaded).
Yep, that's unsafe to use. Any use is likely exploitable.
Rich
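The stop-the-world pattern Rich describes (list /proc/self/task and signal every task so a callback runs in each thread) as an added C example; this is constructed for illustration and is neither musl's __synccall nor code from this thread. SYNC_SIG, the worker threads and the counting callback are assumptions of the demo.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <pthread.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Constructed demo of the pattern described above (not musl's code): list
 * /proc/self/task and signal every task so a callback runs in each thread.
 * SYNC_SIG is an arbitrary choice here; musl reserves its own internal signals. */
#define SYNC_SIG SIGRTMIN

static atomic_int handled, release; /* callback counter; worker exit flag */

/* Per-thread callback; a real one would issue the raw set*id syscall here. */
static void sync_handler(int sig) { (void)sig; atomic_fetch_add(&handled, 1); }

static void *worker(void *arg) {
    (void)arg;
    while (!atomic_load(&release)) usleep(1000); /* EINTR from the signal is fine */
    return NULL;
}

/* Signal every task in this thread group except the caller; returns the count. */
static int signal_other_tasks(void) {
    pid_t self = syscall(SYS_gettid);
    DIR *d = opendir("/proc/self/task");
    int n = 0; if (!d) return -1;
    for (struct dirent *e; (e = readdir(d));) {
        pid_t tid = (pid_t)atoi(e->d_name);      /* "." and ".." give 0 */
        if (tid <= 0 || tid == self) continue;
        if (syscall(SYS_tgkill, getpid(), tid, SYNC_SIG) == 0) n++;
    }
    closedir(d);
    return n;
}

/* Spawn nthreads workers, broadcast, and return how many threads (workers
 * plus the caller) ran the callback; nthreads + 1 means nobody was missed. */
int broadcast_demo(int nthreads) {
    pthread_t th[nthreads];
    struct sigaction sa = { .sa_handler = sync_handler };
    sigaction(SYNC_SIG, &sa, NULL);
    atomic_store(&handled, 0); atomic_store(&release, 0);
    for (int i = 0; i < nthreads; i++) pthread_create(&th[i], NULL, worker, NULL);
    sync_handler(SYNC_SIG);                      /* the caller runs it too */
    if (signal_other_tasks() != nthreads) return -1;
    for (int i = 0; i < 2000 && atomic_load(&handled) < nthreads + 1; i++) usleep(1000);
    atomic_store(&release, 1); for (int i = 0; i < nthreads; i++) pthread_join(th[i], NULL);
    return atomic_load(&handled);
}
```

Threads that block SYNC_SIG would be missed, which is the caveat Rich raises about libc-internal signals: the broadcast only reaches threads that have not masked it.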