Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits

From: Solar Designer <solar@xxxxxxxxxxxx>
Date: Sun, 20 Aug 2006 20:48:41 +0400

Arjan van de Ven wrote:

sounds like a good argument to get the setuid functions marked
__must_check in glibc...

I agree.

On Sun, Aug 20, 2006 at 09:28:51AM -0700, Ulrich Drepper wrote:

There are too many false positives. E.g., in a SUID binaries switching
back from a non-root UID to root will not fail. Very common.

I wouldn't call those false positives. They're warnings of poorly
written code that might fail with further changes to the kernel or with
custom security modules, or on another Unix-like platform.

Of course, the kernel or security modules must not change the semantics
arbitrarily yet expect old apps to work, however expecting that apps
honor return value from set*[ug]id() would be reasonable. (The only
reason why it is not is that there are so many broken apps out there and
more are being developed.)

Alexander
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

References:
- [PATCH] set*uid() must not fail-and-return on OOM/rlimits
  - From: Solar Designer
- Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
  - From: Alex Riesen
- Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
  - From: Solar Designer
- Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
  - From: Arjan van de Ven
- Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
  - From: Ulrich Drepper

Prev by Date: Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
Next by Date: Re: Complaint about return code convention in queue_work() etc.
Previous by thread: Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
Next by thread: Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
Index(es):
- Date
- Thread

Relevant Pages

Re: Any Substitute for READONLY in F77?
... about any I/O operation can fail. ... reason in Fortran why this one should. ... My reading of the OP's request was that he appeciated the protection of ... net worth using. ...
(comp.lang.fortran)
Re: transactional file persistence?
... increase the complexity and can fail for a number of reasons. ... Well designed DBMSes have that covered. ... filesystem to experience the same level or complexity of problems. ... Are there any reason I cant make use of any of these safeguards in the ...
(comp.lang.java.help)
Re: PTHREAD_MUTEX_INITIALIZER
... reason internal to the implementation, so you need to check the return ... anything sane if locking a mutex fails for no application-level ... Locking that mutex might not fail, ...
(comp.programming.threads)
Re: I want six signatures
... I will not fail. ... I have tried to fight the mood and the urge to smoke over the last three ... In the past smoking had helped to get me out of the ... Is that enough reason for you ...
(alt.support.stop-smoking)
Re: So its Fallout
... What's the main reason it would fail? ... If it fails for any reason, it will be because it misses the boat on what made FO unique, on the essential "magic" that made it greater than the sum of its parts. ... capability of a dedicated group of game developers. ... about the developers not only brands you as a criminal in your own ...
(comp.sys.ibm.pc.games.rpg)