On 05/06/2014 10:39 AM, Corinna Vinschen wrote: > The problem, which I totally not realized since I started implementing > this stuff is, that by propagating this cache to child processes, said > child processes suffer from what the parent process does to the passwd > structures in the cache. > > Screen seems to call getpwuid and then sets some of the pointers in the > passwd structure it got from the call to NULL, apparently for some sort > of security, this way overwriting the cached passwd struct for the
Bug in screen. POSIX states: http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html The application shall not modify the structure to which the return value points, nor any storage areas pointed to by pointers within the structure. The returned pointer, and pointers within the structure, might be invalidated or the structure or the storage areas might be overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid(). > current user. Ssh on the other hand tries to copy the passwd structure, > but it never checks for NULL pointers because, well, the passwd > structure never contains NULL pointers. > > This annihilates every advantage the cygheap caching has. Caching still sounds correct, let's fix the bug in screen instead of bloating cygwin to work around it. Or maybe find a way to cause a SEGV in any process that tries to write into the pointer returned by getpwuid and friends, to help them realize their bug, rather than the current state of propagating the broken memory to other processes. Maybe you just memcpy the result out of the cache into local memory, instead of returning a pointer into the actual cygheap cache. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
