Mail Archives: cygwin/2014/05/07/08:22:40

Date: Wed, 7 May 2014 14:22:18 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: snapshot 05/05: ssh segmentation fault within screen
Message-ID: <20140507122218.GF30918@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5368525F DOT 2070301 AT shaddybaddah DOT name> <20140506163936 DOT GY30918 AT calimero DOT vinschen DOT de> <536920BB DOT 3080102 AT redhat DOT com> <20140506184915 DOT GA30918 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
In-Reply-To: <20140506184915.GA30918@calimero.vinschen.de>
User-Agent: Mutt/1.5.21 (2010-09-15)

On May  6 20:49, Corinna Vinschen wrote:
> On May  6 11:49, Eric Blake wrote:
> > On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
> >
> > > The problem, which I totally did not realize since I started implementing
> > > this stuff, is that by propagating this cache to child processes, said
> > > child processes suffer from what the parent process does to the passwd
> > > structures in the cache.
> > >
> > > Screen seems to call getpwuid and then sets some of the pointers in the
> > > passwd structure it got from the call to NULL, apparently for some sort
> > > of security, this way overwriting the cached passwd struct for the
> >
> > Bug in screen.  POSIX states:
> >
> > http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
> >
> > The application shall not modify the structure to which the return value
> > points, nor any storage areas pointed to by pointers within the
> > structure. The returned pointer, and pointers within the structure,
> > might be invalidated or the structure or the storage areas might be
> > overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().
>
> Oh, wow.  However, what if screen (thinks it) never calls getpwuid or
> getpwnam again.  In that case it may do whatever it wants with the
> pointers inside the returned passwd structure, doesn't it?  It certainly
> doesn't have to expect sharing with another process.
>
> > > current user.  Ssh on the other hand tries to copy the passwd structure,
> > > but it never checks for NULL pointers because, well, the passwd
> > > structure never contains NULL pointers.
> > >
> > > This annihilates every advantage the cygheap caching has.
> >
> > Caching still sounds correct, let's fix the bug in screen instead of
> > bloating cygwin to work around it.  Or maybe find a way to cause a SEGV
> > in any process that tries to write into the pointer returned by getpwuid
> > and friends, to help them realize their bug, rather than the current
> > state of propagating the broken memory to other processes.
>
> Hmm, I'd have to allocate a full 4K page for this.  Also, ssh called
> from screen works fine on Linux, even if the above behaviour is buggy...
>
> > Maybe you
> > just memcpy the result out of the cache into local memory, instead of
> > returning a pointer into the actual cygheap cache.
>
> Yes, that's what I was coming to realize, too.  I'm going to copy the
> entire entry to local storage and return a pointer to that.

I created a matching patch.  Please give today's developer snapshot
from http://cygwin.com/snapshots/ a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
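The failure mode discussed in this thread, modelled as an added example (this is not code from Cygwin, screen or ssh). A toy passwd cache stands in for the cygheap cache; `getpw_shared` hands out a pointer straight into the cache, the way the crashing snapshot did, while `getpw_copy` returns a pointer to a private copy, the fix Corinna describes. `scrub_entry` plays the role of screen nulling pointers in the returned struct, and `copy_entry_checked` plays the role of ssh copying the entry, with the NULL check that ssh lacked. All type, function and sample values (`pw_entry`, `alice`, `/home/alice`) are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct passwd; this is an added example,
 * not code from Cygwin, screen or ssh. */
struct pw_entry {
    char *pw_name;
    char *pw_dir;
    char *pw_shell;
};

/* The shared cache (plays the role of the cygheap cache that gets
 * propagated to child processes). Sample data is constructed. */
static char cache_name[]  = "alice";
static char cache_dir[]   = "/home/alice";
static char cache_shell[] = "/bin/bash";
static struct pw_entry cache = { cache_name, cache_dir, cache_shell };

/* Restore the cache to its pristine state before each scenario. */
static void reset_cache(void)
{
    cache.pw_name  = cache_name;
    cache.pw_dir   = cache_dir;
    cache.pw_shell = cache_shell;
}

/* 1 if no cached pointer has been scrubbed, 0 if the cache is damaged. */
int cache_intact(void)
{
    return cache.pw_name != NULL && cache.pw_dir != NULL && cache.pw_shell != NULL;
}

/* Variant 1 (the snapshot that crashed): return a pointer straight into
 * the cache, so any write through it lands in the shared structure. */
struct pw_entry *getpw_shared(void)
{
    return &cache;
}

/* Variant 2 (the fix described in the thread): copy the entry into
 * storage owned by the lookup and return a pointer to that copy. */
static struct pw_entry local_copy;
static char local_buf[3][256];

struct pw_entry *getpw_copy(void)
{
    snprintf(local_buf[0], sizeof local_buf[0], "%s", cache.pw_name);
    snprintf(local_buf[1], sizeof local_buf[1], "%s", cache.pw_dir);
    snprintf(local_buf[2], sizeof local_buf[2], "%s", cache.pw_shell);
    local_copy.pw_name  = local_buf[0];
    local_copy.pw_dir   = local_buf[1];
    local_copy.pw_shell = local_buf[2];
    return &local_copy;
}

/* Models what screen does: scrub pointers in the struct it was handed.
 * POSIX forbids this, but it is harmless when the struct is private. */
void scrub_entry(struct pw_entry *pw)
{
    pw->pw_dir   = NULL;
    pw->pw_shell = NULL;
}

/* Models ssh's copy of the entry, with the NULL check it lacked.
 * Serialises the entry into last_out; returns 0 on success, -1 if any
 * field is NULL (the case that crashed ssh in the thread). */
static char last_out[512];

int copy_entry_checked(const struct pw_entry *src)
{
    if (src->pw_name == NULL || src->pw_dir == NULL || src->pw_shell == NULL) {
        last_out[0] = '\0';
        return -1;
    }
    snprintf(last_out, sizeof last_out, "%s:%s:%s",
             src->pw_name, src->pw_dir, src->pw_shell);
    return 0;
}

const char *last_output(void)
{
    return last_out;
}

/* One consumer scrubs its entry, then a second consumer (think: ssh
 * started from inside screen) looks the entry up again and copies it. */
static int run_scenario(struct pw_entry *(*getpw)(void))
{
    reset_cache();
    scrub_entry(getpw());               /* first consumer misbehaves   */
    return copy_entry_checked(getpw()); /* does the second one suffer? */
}

int scenario_shared(void) { return run_scenario(getpw_shared); }
int scenario_copy(void)   { return run_scenario(getpw_copy); }

int main(void)
{
    int rc = scenario_shared();
    printf("shared cache: rc=%d cache_intact=%d\n", rc, cache_intact());
    rc = scenario_copy();
    printf("copied entry: rc=%d cache_intact=%d out=%s\n", rc, cache_intact(), last_output());
    return 0;
}
```

With the shared variant the second lookup returns the scrubbed cache and the copy fails (or, without the NULL check, dereferences NULL exactly as ssh did); with the copying variant the cache survives the first consumer's writes and the second lookup succeeds. On the application side, the POSIX-clean way to own the storage is `getpwuid_r` with a caller-supplied buffer, which sidesteps the question of who may write to the result.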
