Date: Tue, 6 May 2014 20:49:15 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: snapshot 05/05: ssh segmentation fault within screen
Message-ID: <20140506184915.GA30918@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
References: <5368525F DOT 2070301 AT shaddybaddah DOT name> <20140506163936 DOT GY30918 AT calimero DOT vinschen DOT de> <536920BB DOT 3080102 AT redhat DOT com>
In-Reply-To: <536920BB.3080102@redhat.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

On May 6 11:49, Eric Blake wrote:
> On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
>
> > The problem, which I totally did not realize since I started implementing
> > this stuff, is that by propagating this cache to child processes, said
> > child processes suffer from what the parent process does to the passwd
> > structures in the cache.
> >
> > Screen seems to call getpwuid and then sets some of the pointers in the
> > passwd structure it got from the call to NULL, apparently for some sort
> > of security, this way overwriting the cached passwd struct for the
>
> Bug in screen. POSIX states:
>
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
>
> The application shall not modify the structure to which the return value
> points, nor any storage areas pointed to by pointers within the
> structure. The returned pointer, and pointers within the structure,
> might be invalidated or the structure or the storage areas might be
> overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().

Oh, wow.

However, what if screen (thinks it) never calls getpwuid or getpwnam
again? In that case it may do whatever it wants with the pointers inside
the returned passwd structure, doesn't it? It certainly doesn't have to
expect sharing with another process.

> > current user. Ssh on the other hand tries to copy the passwd structure,
> > but it never checks for NULL pointers because, well, the passwd
> > structure never contains NULL pointers.
> >
> > This annihilates every advantage the cygheap caching has.
>
> Caching still sounds correct, let's fix the bug in screen instead of
> bloating cygwin to work around it.
> Or maybe find a way to cause a SEGV
> in any process that tries to write into the pointer returned by getpwuid
> and friends, to help them realize their bug, rather than the current
> state of propagating the broken memory to other processes.

Hmm, I'd have to allocate a full 4K page for this. Also, ssh called from
screen works fine on Linux, even if the above behaviour is buggy...

> Maybe you
> just memcpy the result out of the cache into local memory, instead of
> returning a pointer into the actual cygheap cache.

Yes, that's what I was coming to realize, too. I'm going to copy the
entire entry to local storage and return a pointer to that.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat