mailing list of musl libc
From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: setrlimit hangs the process
Date: Tue, 25 Sep 2018 12:38:50 -0400
Message-ID: <20180925163850.GL17995@brightrain.aerifal.cx>
In-Reply-To: <20180925153605.GF10209@port70.net>

On Tue, Sep 25, 2018 at 05:36:05PM +0200, Szabolcs Nagy wrote:
> * Rabbitstack <rabbitstack7@gmail.com> [2018-09-25 16:54:37 +0200]:
> > Sorry. Let me describe the problem in more detail.
> > 
> > The process only hangs when launched without root privileges on the host
> > (Arch Linux x64 with kernel 4.17.5-1) where Alpine docker container is
> > running. Once with root privileges, it starts up correctly (but this is
> > obvious since it doesn't hit setrlimit call). The odd side is that on other
> > hosts it hangs even when started with root. No error messages so far.
> > Strace output:
> > 
> > $ sudo strace -p 9285
> > 
> > futex(0x2cddfc0, FUTEX_WAIT_PRIVATE, 0, NULL
> > 
> > $ sudo strace -f -p 9285
> > 
> > .....
> > [pid  9287] getdents64(10, /* 14 entries */, 2048) = 336
> > [pid  9287] tgkill(9285, 9285, SIGRT_2) = 0
> > [pid  9287] futex(0x7efbff70008c, FUTEX_LOCK_PI_PRIVATE,
> > {tv_sec=1537887068, tv_nsec=51442144}) = -1 ETIMEDOUT (Connection timed out)
> 
> it looks like musl tries to sync a setuid call across
> all threads (which is necessary since the linux syscall
> only changes the uid for the current thread instead of
> all threads so you can end up with different privileges
> in the same address space which is dangerous as well as
> non-POSIX-conformant setuid behaviour)
> 
> it's possible that the setuid syncing is somehow wrong
> in musl, but it's more likely that there are threads
> that are not created by the c runtime (but from go) and
> thus the sync cannot possibly work.

It actually can kinda work with such threads. musl's stop-the-world
__synccall pokes all kernel-level threads in the same process (thread
group) as the caller using signals and /proc/self/task to ensure it
didn't miss any, so it will work as long as they haven't blocked
libc-internal signals. There may be problems with the thread pointer
being invalid, though. The __synccall framework itself does not use
the TCB, but other stuff in the callback might. This should probably
be fixed.

> so try to look for where set*id is called and ensure it
> is not called or called before any threads are created
> (or at least before any go threads are created)
> 
> note that syscall.Set*id from go does not work either,
> it does not sync the threads (which is dangerously
> broken for a runtime that's always multi-threaded).

Yep, that's unsafe to use. Any use is likely exploitable.

Rich
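
As an added example (not code from the musl project or from anyone in this thread), the following C program mimics the mechanism Rich describes above: it enumerates /proc/self/task so that every kernel-level thread of the thread group is found, whether or not pthread_create made it, pokes each one with tgkill(2), and waits for every thread to report in from a signal handler. The function names, the choice of SIGUSR1 and the two-second timeout are this example's own assumptions; musl uses its own reserved internal signals and a different callback protocol. It runs on Linux only.

```c
/* Added example, not musl's code: a minimal "poke every kernel thread" loop in
 * the spirit of __synccall as described above.  Names, SIGUSR1 and the
 * timeout are this example's own choices.  Linux only. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <pthread.h>
#include <semaphore.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

#define NWORKERS 4
#define POKE_SIG SIGUSR1

static sem_t done_sem;                 /* sem_post() is async-signal-safe */

/* Runs in whichever thread receives POKE_SIG.  A real __synccall callback
 * would apply the set*id change here; this one just reports in. */
static void poke_handler(int sig)
{
    (void)sig;
    sem_post(&done_sem);
}

static void *idle_worker(void *arg)
{
    (void)arg;
    for (;;)
        pause();                       /* sleep until a signal arrives */
    return NULL;
}

/* Walk /proc/self/task, which lists every kernel-level thread of this process
 * (including threads not created by pthread_create, e.g. a Go runtime's), and
 * tgkill(2) each one except the caller.  sig 0 only checks existence.
 * Returns the number of threads reached, or -1 on error. */
int poke_all_threads(int sig)
{
    DIR *d = opendir("/proc/self/task");
    if (!d)
        return -1;
    pid_t tgid = getpid();
    int me = (int)syscall(SYS_gettid), sent = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.')
            continue;
        int tid = atoi(e->d_name);
        if (tid != me && syscall(SYS_tgkill, tgid, tid, sig) == 0)
            sent++;
    }
    closedir(d);
    return sent;
}

/* Spawn NWORKERS idle threads, poke every thread found in /proc, and wait with
 * a bounded timeout for each to answer.  Returns the number that answered; a
 * thread that has POKE_SIG blocked (the failure mode discussed above) never
 * answers, so the result would then fall short of NWORKERS. */
int run_synccall_demo(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = poke_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(POKE_SIG, &sa, NULL) != 0 || sem_init(&done_sem, 0, 0) != 0)
        return -1;
    for (int i = 0; i < NWORKERS; i++) {
        pthread_t t;
        if (pthread_create(&t, NULL, idle_worker, NULL) != 0)
            return -1;
    }
    int expected = poke_all_threads(POKE_SIG);
    if (expected < 0)
        return -1;
    struct timespec deadline;
    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec += 2;
    int answered = 0;
    while (answered < expected) {
        if (sem_timedwait(&done_sem, &deadline) == 0)
            answered++;
        else if (errno != EINTR)
            break;                     /* ETIMEDOUT: a thread never answered */
    }
    return answered;
}

int main(void)
{
    int n = run_synccall_demo();
    printf("%d of %d worker threads answered the poke\n", n, NWORKERS);
    return n == NWORKERS ? 0 : 1;
}
```

The /proc walk is what lets the loop reach threads the C runtime never saw; the signal is what makes it fail silently for a thread that has the signal blocked, which is why a real implementation has to wait with a timeout rather than forever. When diagnosing a process like the one in this thread, the quick check for a half-applied set*id is to compare the Uid: line of /proc/<pid>/task/*/status across all threads: after a correctly synchronized setuid they are identical, after a per-thread raw syscall they differ.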



Thread overview: 18+ messages
2018-09-25 12:59 Rabbitstack
2018-09-25 14:15 ` Szabolcs Nagy
2018-09-25 14:54   ` Rabbitstack
2018-09-25 15:13     ` Rich Felker
2018-09-25 15:38       ` Szabolcs Nagy
2018-09-25 15:36     ` Szabolcs Nagy
2018-09-25 16:38       ` Rich Felker [this message]
2018-10-04 14:54         ` Rabbitstack
2018-10-04 15:04           ` Rich Felker
2018-10-04 15:41             ` Rabbitstack
2018-10-04 15:53               ` Rich Felker
2018-10-04 16:05                 ` Rabbitstack
2018-10-05  0:47                 ` Rich Felker
2018-10-09 19:37                   ` Rabbitstack
2018-10-09 19:45                     ` Rich Felker
2018-10-09 20:36                     ` Szabolcs Nagy
2018-10-09 20:40                       ` Rich Felker
2018-10-11 15:14                         ` Rabbitstack

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/
