Re: [PATCH 00/26] Fixing wait, exit, ptrace, exec, and CLONE_THREAD
From: Aleksa Sarai
Date: Tue Jun 06 2017 - 15:41:19 EST
Another easy entry point is to see that a multi-threaded setuid won't
change the credentials on a zombie thread group leader. Which can allow
sending signals to a process that the credential change should forbid.
This is in violation of posix and the semantics we attempt to enforce in
linux.
I might be completely wrong on this point (and I haven't looked at the
patches), but I was under the impression that multi-threaded set[ug]id
was implemented in userspace (by glibc's nptl(7) library that uses RT
signals internally to get each thread to update their credentials). And
given that, I wouldn't be surprised (as a user) that zombie threads will
have stale credentials (glibc isn't running in those threads anymore).
Am I mistaken in that belief?
</off-topic>
--
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/