Date: Wed, 7 May 2014 14:22:18 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: snapshot 05/05: ssh segmentation fault within screen
Message-ID: <20140507122218.GF30918@calimero.vinschen.de>
In-Reply-To: <20140506184915.GA30918@calimero.vinschen.de>
References: <5368525F DOT 2070301 AT shaddybaddah DOT name> <20140506163936 DOT GY30918 AT calimero DOT vinschen DOT de> <536920BB DOT 3080102 AT redhat DOT com> <20140506184915 DOT GA30918 AT calimero DOT vinschen DOT de>

On May 6 20:49, Corinna Vinschen wrote:
> On May 6 11:49, Eric Blake wrote:
> > On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
> >
> > > The problem, which I totally did not realize since I started implementing
> > > this stuff, is that by propagating this cache to child processes, said
> > > child processes suffer from what the parent process does to the passwd
> > > structures in the cache.
> > >
> > > Screen seems to call getpwuid and then sets some of the pointers in the
> > > passwd structure it got from the call to NULL, apparently for some sort
> > > of security, this way overwriting the cached passwd struct for the
> >
> > Bug in screen. POSIX states:
> >
> > http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
> >
> > The application shall not modify the structure to which the return value
> > points, nor any storage areas pointed to by pointers within the
> > structure. The returned pointer, and pointers within the structure,
> > might be invalidated or the structure or the storage areas might be
> > overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().
>
> Oh, wow. However, what if screen (thinks it) never calls getpwuid or
> getpwnam again? In that case it may do whatever it wants with the
> pointers inside the returned passwd structure, doesn't it? It certainly
> doesn't have to expect sharing with another process.
>
> > > current user. Ssh on the other hand tries to copy the passwd structure,
> > > but it never checks for NULL pointers because, well, the passwd
> > > structure never contains NULL pointers.
> > >
> > > This annihilates every advantage the cygheap caching has.
> >
> > Caching still sounds correct, let's fix the bug in screen instead of
> > bloating cygwin to work around it. Or maybe find a way to cause a SEGV
> > in any process that tries to write into the pointer returned by getpwuid
> > and friends, to help them realize their bug, rather than the current
> > state of propagating the broken memory to other processes.
>
> Hmm, I'd have to allocate a full 4K page for this. Also, ssh called
> from screen works fine on Linux, even if the above behaviour is buggy...
>
> > Maybe you
> > just memcpy the result out of the cache into local memory, instead of
> > returning a pointer into the actual cygheap cache.
>
> Yes, that's what I was coming to realize, too. I'm going to copy the
> entire entry to local storage and return a pointer to that.

I created a matching patch. Please give today's developer snapshot from
http://cygwin.com/snapshots/ a try.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
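The two sides of the thread above, as an added example in C that is not code from the thread, from Cygwin, screen or ssh: the caller-side rule is to deep-copy what getpwuid() returns before touching it (the copy-to-local-storage fix Corinna describes, done in the application instead of the library), and a copier that must not crash on a NULL field (the check ssh lacked) validates the entry or copies it NULL-tolerantly. It assumes a glibc-style struct passwd with pw_passwd and pw_gecos; the entry in self_check() is a constructed sample, not a real account.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* 1 when every string field is non-NULL.  Copying an entry with plain
 * strdup()/strlen() crashes on a NULL field (what ssh hit when screen had
 * NULLed fields in the shared cache); checking first lets a caller fail
 * cleanly instead. */
int passwd_is_complete(const struct passwd *p)
{
    return p && p->pw_name && p->pw_passwd && p->pw_gecos
             && p->pw_dir && p->pw_shell;
}

/* NULL-tolerant strdup(): a missing field becomes "" rather than a crash. */
static char *dup_or_empty(const char *s)
{
    return strdup(s ? s : "");
}

/* Zero a string before freeing; volatile keeps the stores from being
 * dropped as dead by the optimizer. */
static void scrub(char *s)
{
    volatile char *v = s;
    if (!s)
        return;
    while (*v)
        *v++ = 0;
}

/* Scrub and free a copy made by passwd_dup().  Zeroing pw_passwd here is
 * the "some sort of security" screen wanted, but on memory we own rather
 * than on the library's (or another process's) cache. */
void passwd_free(struct passwd *p)
{
    if (!p)
        return;
    scrub(p->pw_passwd);
    free(p->pw_name);  free(p->pw_passwd); free(p->pw_gecos);
    free(p->pw_dir);   free(p->pw_shell);
    free(p);
}

/* Deep copy into caller-owned memory.  getpwuid() returns a pointer into
 * library-owned storage (static in glibc, the shared cygheap cache in the
 * snapshot above); POSIX forbids modifying it and lets the next getpw*()
 * call overwrite it.  After this copy the caller may keep, alter or scrub
 * the data without affecting anyone else. */
struct passwd *passwd_dup(const struct passwd *src)
{
    struct passwd *dst;

    if (!src)
        return NULL;
    dst = calloc(1, sizeof *dst);
    if (!dst)
        return NULL;
    dst->pw_uid    = src->pw_uid;
    dst->pw_gid    = src->pw_gid;
    dst->pw_name   = dup_or_empty(src->pw_name);
    dst->pw_passwd = dup_or_empty(src->pw_passwd);
    dst->pw_gecos  = dup_or_empty(src->pw_gecos);
    dst->pw_dir    = dup_or_empty(src->pw_dir);
    dst->pw_shell  = dup_or_empty(src->pw_shell);
    if (!passwd_is_complete(dst)) {     /* a strdup() failed */
        passwd_free(dst);
        return NULL;
    }
    return dst;
}

/* Exercise the copy on a constructed entry (not a real account).  The copy
 * must live in separate storage, survive the source being clobbered, and
 * tolerate a NULL field.  Returns 1 on success, 0 on the first failure. */
int self_check(void)
{
    struct passwd src = {
        .pw_name = "alice", .pw_passwd = "x", .pw_uid = 1000, .pw_gid = 1000,
        .pw_gecos = "Alice", .pw_dir = "/home/alice", .pw_shell = "/bin/sh",
    };
    struct passwd *cp = passwd_dup(&src);

    if (!cp || cp->pw_name == src.pw_name)
        return 0;                        /* must be a copy, not an alias */
    src.pw_dir = NULL;                   /* what screen did to the cache... */
    if (strcmp(cp->pw_dir, "/home/alice") != 0 || cp->pw_uid != 1000)
        return 0;                        /* ...does not reach our copy */
    passwd_free(cp);
    if (passwd_is_complete(&src))        /* the check ssh was missing */
        return 0;
    cp = passwd_dup(&src);               /* tolerant copy still succeeds */
    if (!cp || strcmp(cp->pw_dir, "") != 0)
        return 0;
    passwd_free(cp);
    return 1;
}

int main(void)
{
    struct passwd *me = passwd_dup(getpwuid(getuid()));

    if (!me) {
        perror("getpwuid");
        return 1;
    }
    getpwuid(0);   /* may overwrite the library buffer, but not our copy */
    printf("%s uid=%u home=%s shell=%s\n", me->pw_name,
           (unsigned)me->pw_uid, me->pw_dir, me->pw_shell);
    passwd_free(me);
    return self_check() ? 0 : 2;
}
```

The copy is what the thread settles on for the library side too: whether the C library copies out of its cache or the application copies out of the library's buffer, the pointer handed back by getpwuid() is never the right place to write, and a copier that dereferences fields without passwd_is_complete() (or a NULL-tolerant dup) inherits whatever the previous writer left there.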