linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* PROBLEM: setgroups(2) does not update all threads in a process
@ 2010-10-02  3:11 Mark Heily
  2010-10-04 10:09 ` Américo Wang
  0 siblings, 1 reply; 2+ messages in thread
From: Mark Heily @ 2010-10-02  3:11 UTC (permalink / raw)
  To: linux-kernel


The setgroups(2) system call does not update the credentials for all threads 
in a process. Instead, it only updates the credentials for the currently 
executing thread. Any threads that were created before setgroups() was 
called are not affected.

This is not the expected behavior according to the manpage, which states:

     "setgroups()  sets  the supplementary group IDs for the calling process."

See below for a small test case that demonstrates the problem. This program 
runs successfully on FreeBSD 8 and Solaris 10, but fails on Linux 2.6.32.

I'm not subscribed to LKML, so please CC: all replies to my personal email 
address (mark@heily.com).

Cheers,

  - Mark


/*
  * Copyright (c) 2010 Mark Heily <mark@heily.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */

/*

    Test if setgroups(3) has process or thread scope.

    Example usage:

       gcc -Wall check_setgroups.c -lpthread && sudo ./a.out

  */

#include <err.h>
#include <errno.h>
#include <grp.h>
#include <pthread.h>
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER;

void print_cred(void);
void drop_privs(void);

void drop_privs(void) {
     gid_t gid = 1;

     if (setgid(1) != 0) err(1, "setgid");
     if (setgroups(1, &gid) != 0) err(1, "setgroups");
     if (setuid(1) != 0) err(1, "setuid");
     printf("dropped privileges: ");
     print_cred();
}

void cmp_privs(uid_t uid, gid_t gid, gid_t groups) {
     gid_t buf;

     if (getgid() != gid) errx(1, "wrong gid");
     if (getuid() != uid) errx(1, "wrong uid");
     if (getgroups(1, &buf) != 1) err(1, "getgroups");
     if (buf != groups)
         errx(1, "ERROR: getgroups() returned %d but expected %d\n", buf, 
groups);
}

void print_cred(void) {
     gid_t groups[100];
     int   i, ngroups;

     ngroups = getgroups(100, groups);
     if (ngroups < 0)
         err(1, "getgroups");
     printf("uid=%d gid=%d groups=", getuid(), getgid());
     for (i = 0; i <ngroups; i++) {
         printf("%d ", groups[i]);
     }
     printf("\n");
}

void * thread_main(void *unused) {
     pthread_mutex_lock(&mtx);
     cmp_privs(1,1,1);
     return (NULL);
}

int main() {
     pthread_t tid;
     pthread_attr_t attr;

     if (getuid() != 0)
         errx(1, "ERROR: this must be run as root");

     pthread_mutex_lock(&mtx);
     pthread_attr_init(&attr);
     pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);
     pthread_create(&tid, &attr, thread_main, NULL);

     drop_privs();
     cmp_privs(1,1,1);
     pthread_mutex_unlock(&mtx);
     pthread_join(tid, NULL);

     puts("+OK");
     exit(0);
}

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: PROBLEM: setgroups(2) does not update all threads in a process
  2010-10-02  3:11 PROBLEM: setgroups(2) does not update all threads in a process Mark Heily
@ 2010-10-04 10:09 ` Américo Wang
  0 siblings, 0 replies; 2+ messages in thread
From: Américo Wang @ 2010-10-04 10:09 UTC (permalink / raw)
  To: Mark Heily; +Cc: linux-kernel

On Fri, Oct 01, 2010 at 11:11:31PM -0400, Mark Heily wrote:
>
>The setgroups(2) system call does not update the credentials for all
>threads in a process. Instead, it only updates the credentials for
>the currently executing thread. Any threads that were created before
>setgroups() was called are not affected.
>
>This is not the expected behavior according to the manpage, which states:
>
>    "setgroups()  sets  the supplementary group IDs for the calling process."
>
>See below for a small test case that demonstrates the problem. This
>program runs successfully on FreeBSD 8 and Solaris 10, but fails on
>Linux 2.6.32.

I got the following from credentials(7):

       The POSIX threads specification requires that credentials are shared by all of
       the threads in a process.  However, at the kernel level, Linux maintains
       separate user and group credentials for each thread.  The NPTL threading
       implementation does some work to ensure that any change to user or group
       credentials (e.g., calls to setuid(2), setresuid(2), etc.)  is carried through
       to all of the POSIX threads in a process.

Hope it helps.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-10-04 10:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-02  3:11 PROBLEM: setgroups(2) does not update all threads in a process Mark Heily
2010-10-04 10:09 ` Américo Wang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).