Mail Archives: cygwin/2014/05/06/13:50:08

Message-ID: <536920BB.3080102@redhat.com>
Date: Tue, 06 May 2014 11:49:47 -0600
From: Eric Blake <eblake AT redhat DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: snapshot 05/05: ssh segmentation fault within screen
References: <5368525F DOT 2070301 AT shaddybaddah DOT name> <20140506163936 DOT GY30918 AT calimero DOT vinschen DOT de>
In-Reply-To: <20140506163936.GY30918@calimero.vinschen.de>

On 05/06/2014 10:39 AM, Corinna Vinschen wrote:

> The problem, which I totally did not realize since I started implementing
> this stuff, is that by propagating this cache to child processes, said
> child processes suffer from what the parent process does to the passwd
> structures in the cache.
>
> Screen seems to call getpwuid and then sets some of the pointers in the
> passwd structure it got from the call to NULL, apparently for some sort
> of security, this way overwriting the cached passwd struct for the

Bug in screen.  POSIX states:

http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html

The application shall not modify the structure to which the return value
points, nor any storage areas pointed to by pointers within the
structure. The returned pointer, and pointers within the structure,
might be invalidated or the structure or the storage areas might be
overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().

> current user.  Ssh on the other hand tries to copy the passwd structure,
> but it never checks for NULL pointers because, well, the passwd
> structure never contains NULL pointers.
>
> This annihilates every advantage the cygheap caching has.

Caching still sounds correct, let's fix the bug in screen instead of
bloating cygwin to work around it.  Or maybe find a way to cause a SEGV
in any process that tries to write into the pointer returned by getpwuid
and friends, to help them realize their bug, rather than the current
state of propagating the broken memory to other processes.  Maybe you
just memcpy the result out of the cache into local memory, instead of
returning a pointer into the actual cygheap cache.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
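As an added example (not code from this thread, nor from Cygwin, screen or ssh), the two defensive pieces the discussion turns on, written in C: a deep copy of `struct passwd` that gives a caller its own storage, so that modifying it cannot corrupt a struct that is cached and shared with other callers or child processes, and that tolerates NULL string members instead of dereferencing them (the failure mode on the copying side); and a caller-owned lookup through `getpwuid_r()`, the portable way for an application to obtain a struct it is allowed to modify. The names `pw_dup`, `pw_free`, `pw_own`, `constructed_cache_entry` and `scrub_passwd_in_place`, and the sample entry for user `alice`, are assumptions made for this example.

```c
/* Added example, not from the thread or from Cygwin/screen/ssh. Names and
 * the sample entry are assumptions made for the example. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strdup() and getpwuid_r() */
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Duplicate a C string, passing NULL through unchanged. */
static char *dup_or_null(const char *s) { return s ? strdup(s) : NULL; }

/* Release a copy made by pw_dup(); free(NULL) is a no-op. */
void pw_free(struct passwd *pw)
{
    if (pw == NULL)
        return;
    free(pw->pw_name);  free(pw->pw_passwd); free(pw->pw_gecos);
    free(pw->pw_dir);   free(pw->pw_shell);
    free(pw);
}

/* Heap-allocated deep copy of *src, or NULL on failure. Every string member
 * gets its own allocation; NULL members stay NULL. pw_passwd and pw_gecos are
 * common extensions (glibc, Cygwin, BSD); POSIX itself only requires pw_name,
 * pw_uid, pw_gid, pw_dir and pw_shell. */
struct passwd *pw_dup(const struct passwd *src)
{
    struct passwd *dst;
    if (src == NULL)
        return NULL;
    dst = calloc(1, sizeof *dst);
    if (dst == NULL)
        return NULL;
    dst->pw_uid    = src->pw_uid;
    dst->pw_gid    = src->pw_gid;
    dst->pw_name   = dup_or_null(src->pw_name);
    dst->pw_passwd = dup_or_null(src->pw_passwd);
    dst->pw_gecos  = dup_or_null(src->pw_gecos);
    dst->pw_dir    = dup_or_null(src->pw_dir);
    dst->pw_shell  = dup_or_null(src->pw_shell);
    /* Non-NULL in src but NULL in dst means strdup() failed: drop the
     * partial copy rather than hand out a broken one. */
    if ((src->pw_name && !dst->pw_name) || (src->pw_passwd && !dst->pw_passwd)
        || (src->pw_gecos && !dst->pw_gecos) || (src->pw_dir && !dst->pw_dir)
        || (src->pw_shell && !dst->pw_shell)) {
        pw_free(dst);
        return NULL;
    }
    return dst;
}

/* Look up uid with getpwuid_r() into a private buffer, then deep-copy the
 * result so the buffer can be released. NULL if the user does not exist or
 * on allocation failure; the caller releases the result with pw_free(). */
struct passwd *pw_own(uid_t uid)
{
    size_t len = 1024;
    for (;;) {
        struct passwd pwd, *res = NULL, *copy = NULL;
        char *buf = malloc(len);
        int rc;
        if (buf == NULL)
            return NULL;
        rc = getpwuid_r(uid, &pwd, buf, len, &res);
        if (rc == ERANGE) {          /* buffer too small: retry larger */
            free(buf);
            len *= 2;
            continue;
        }
        if (rc == 0 && res != NULL)
            copy = pw_dup(res);
        free(buf);                   /* safe: copy owns its own strings */
        return copy;
    }
}

/* Constructed sample entry standing in for a cached struct. */
struct passwd constructed_cache_entry(void)
{
    struct passwd pw;
    memset(&pw, 0, sizeof pw);
    pw.pw_name = "alice";  pw.pw_passwd = "x";  pw.pw_gecos = "Alice";
    pw.pw_uid = 1000;      pw.pw_gid = 1000;
    pw.pw_dir = "/home/alice";  pw.pw_shell = "/bin/sh";
    return pw;
}

/* The in-place modification the thread reports, applied here only to the
 * constructed entry to show that a copy taken beforehand is unaffected. */
void scrub_passwd_in_place(struct passwd *pw) { pw->pw_passwd = NULL; }

int main(void)
{
    struct passwd cache = constructed_cache_entry();
    struct passwd *copy = pw_dup(&cache);      /* own copy taken first */
    scrub_passwd_in_place(&cache);             /* shared struct altered */
    struct passwd *after = pw_dup(&cache);     /* NULL member tolerated */
    struct passwd *self = pw_own(getuid());
    if (copy == NULL || after == NULL)
        return 1;
    printf("copy keeps pw_passwd=%s; cache now has %s\n", copy->pw_passwd,
           cache.pw_passwd ? cache.pw_passwd : "NULL");
    printf("copy of scrubbed entry: passwd=%s dir=%s\n",
           after->pw_passwd ? after->pw_passwd : "NULL", after->pw_dir);
    printf("own entry for uid %ld: %s\n", (long)getuid(),
           self ? self->pw_name : "(not found)");
    pw_free(copy); pw_free(after); pw_free(self);
    return 0;
}
```

The copy is the point: a library that returns a pointer into shared storage cannot stop a caller from writing through it, but a caller that takes a copy (or uses `getpwuid_r()` into its own buffer) is immune to whatever other callers do to that storage, and a copy routine that treats NULL members as legal rather than impossible fails gracefully when the shared struct has already been damaged.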