> On 05/06/2014 10:39 AM, Corinna Vinschen wrote: > > > The problem, which I totally not realized since I started implementing > > this stuff is, that by propagating this cache to child processes, said > > child processes suffer from what the parent process does to the passwd > > structures in the cache. > > > > Screen seems to call getpwuid and then sets some of the pointers in the > > passwd structure it got from the call to NULL, apparently for some sort > > of security, this way overwriting the cached passwd struct for the > > Bug in screen. POSIX states: > > http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html > > The application shall not modify the structure to which the return value > points, nor any storage areas pointed to by pointers within the > structure. The returned pointer, and pointers within the structure, > might be invalidated or the structure or the storage areas might be > overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().
Fixing this would be well out of my depth, but I'll gladly include any patches to screen that fix it. Meanwhile there's a new release of screen (4.2.1) upstream, about one year newer than the last commit I packaged for Cygwin, so maybe this problem has already been addressed. I'll get the new release out ASAP so we can test. Andrew -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
