setuid() syscall on Linux only sets uid of current thread #1337

Open
shawnl opened this issue Aug 5, 2018 · 3 comments
Labels
os-linux standard library This issue involves writing Zig code for the standard library.

@shawnl
Contributor

shawnl commented Aug 5, 2018

We have to set up a signal handler in the other threads to call setuid() and setgid(), and then send the other threads a signal, like glibc does.

@andrewrk
Member

andrewrk commented Aug 6, 2018

Thanks for bringing this up. We definitely need to address it. Here's the relevant section from the man page:

C library/kernel differences

At the kernel level, user IDs and group IDs are a per-thread attribute. However, POSIX requires that all threads in a process share the same credentials. The NPTL threading implementation handles the POSIX requirements by providing wrapper functions for the various system calls that change process UIDs and GIDs. These wrapper functions (including the one for setuid()) employ a signal-based technique to ensure that when one thread changes credentials, all of the other threads in the process also change their credentials. For details, see nptl(7).

std.os.linux is intended to map to raw Linux syscalls. So std.os.linux.setuid will continue to directly call setuid in the kernel.

However, std.os.posix should be changed to be posix compliant. Right now std.os.posix is assigned directly to either std.os.darwin or std.os.linux, however it will be changed to manually re-export the declarations that are posix compliant from each system, and in some cases, such as setuid, contain a wrapper function to perform this POSIX compliance workaround.

In some cases zig std lib may choose to not implement a posix function, if it is deemed to be too buggy or problematic. This may be the case for setuid. I'll decide when I see the implementation, but "signals" is always a red flag.

@shawnl
Contributor Author

shawnl commented Aug 6, 2018

Alternatively, we could write a patch to Linux and introduce a new syscall, perhaps setuid_allthreads() and setgid_allthreads().

We need setuid if we want to listen to privileged ports and then drop privileges, although this could be worked around by dropping privileges before spawning threads. (Go can't do this.)

An alternate fix would be to make posix.setuid() fail if there is more than one thread.
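
The last suggestion above (refuse the call when more than one thread exists), sketched in C as an added example; it is not code from the Zig standard library or from either participant. The function names, counting threads through `/proc/self/task`, and the `EBUSY` error are assumptions.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <unistd.h>

/* One entry per thread in /proc/self/task; -1 if /proc is unavailable. */
int thread_count(void) {
    DIR *d = opendir("/proc/self/task");
    if (!d) return -1;
    int n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL)
        if (e->d_name[0] != '.') n++;
    closedir(d);
    return n;
}

/* Hypothetical guard (the name is an assumption): issue the raw, per-thread
 * setuid syscall only while this is the sole thread, so the whole process
 * changes credentials. Fails closed with EBUSY otherwise (errno choice is
 * also an assumption). On 32-bit x86 the full-width call is SYS_setuid32. */
int setuid_single_threaded(uid_t uid) {
    if (thread_count() != 1) {
        errno = EBUSY;
        return -1;
    }
    return (int)syscall(SYS_setuid, uid);
}

static void *park(void *arg) {   /* second thread: block until released */
    pthread_mutex_lock(arg);
    pthread_mutex_unlock(arg);
    return NULL;
}

/* Demo: with a second thread alive the guard must refuse. Returns the errno
 * it reported, or 0 if the call was (wrongly) allowed. */
int refusal_errno_with_second_thread(void) {
    pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
    pthread_t t;
    pthread_mutex_lock(&m);
    if (pthread_create(&t, NULL, park, &m) != 0) return -1;
    int rc = setuid_single_threaded(getuid());
    int err = (rc == -1) ? errno : 0;
    pthread_mutex_unlock(&m);
    pthread_join(t, NULL);
    return err;
}
```

If `/proc` is not mounted, `thread_count()` returns -1 and the guard refuses, so the credential change never silently applies to one thread only.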

@andrewrk andrewrk added this to the 0.4.0 milestone Aug 6, 2018
@andrewrk andrewrk added the standard library This issue involves writing Zig code for the standard library. label Aug 6, 2018
@andrewrk andrewrk modified the milestones: 0.4.0, 0.5.0 Mar 1, 2019
@andrewrk
Member

Related: #2380

@andrewrk andrewrk modified the milestones: 0.5.0, 0.6.0 Apr 30, 2019
@andrewrk andrewrk modified the milestones: 0.6.0, 0.7.0 Jan 3, 2020
@andrewrk andrewrk modified the milestones: 0.7.0, 0.8.0 Oct 10, 2020
@andrewrk andrewrk modified the milestones: 0.8.0, 0.9.0 Nov 6, 2020
@andrewrk andrewrk modified the milestones: 0.9.0, 0.10.0 May 19, 2021