#
f9fb20b4 |
|
01-Nov-2013 |
Rich Felker <dalias@aerifal.cx> |
simplify faccessat AT_EACCESS path and eliminate resource dependence now that we're waiting for the exit status of the child process, the result can be conveyed in the exit status rather than via a pipe. since the error value might not fit in 7 bits, a table is used to translate possible meaningful error values to small integers.
|
#
984af5c9 |
|
01-Nov-2013 |
Rich Felker <dalias@aerifal.cx> |
fix faccessat AT_EACCESS path not to leave zombie processes I mistakenly assumed that clone without a signal produced processes that would not become zombies; however, waitpid with __WCLONE is required to release their pids.
|
#
d5bd7dd5 |
|
18-Oct-2013 |
Rich Felker <dalias@aerifal.cx> |
in faccessat slow path, add close-on-exec to pipe fds as usual, this is needed to avoid fd leaks. as a better solution, the use of fds could possibly be replaced with mmap and a futex.
|
#
51635856 |
|
12-Oct-2013 |
Rich Felker <dalias@aerifal.cx> |
fix uid/gid-setting error in faccessat with AT_EACCESS flag this fixes an issue reported by Daniel Thau whereby faccessat with the AT_EACCESS flag did not work in cases where the process is running suid or sgid but without root privileges. per POSIX, when the process does not have "appropriate privileges", setuid changes the euid, not the real uid, and the target uid must be equal to the current real or saved uid; if this condition is not met, EPERM results. this caused the faccessat child process to fail. using the setreuid syscall rather than setuid works. POSIX leaves it unspecified whether setreuid can set the real user id to the effective user id on processes without "appropriate privileges", but Linux allows this; if it's not allowed, there would be no way for this function to work.
|
#
316d6741 |
|
31-Aug-2013 |
Rich Felker <dalias@aerifal.cx> |
fix missing return value warning in faccessat, minor cleanup clone will pass the return value of the start function to SYS_exit anyway; there's no need to call the syscall directly.
|
#
9848e648 |
|
09-Aug-2013 |
Rich Felker <dalias@aerifal.cx> |
block all signals, even implementation-internal ones, in faccessat child the child process's stack may be insufficient size to support a signal frame, and there is no reason these signal handlers should run in the child anyway.
|
#
0a05eace |
|
03-Aug-2013 |
Rich Felker <dalias@aerifal.cx> |
fix faccessat to support AT_EACCESS flag this is another case of the kernel syscall failing to support flags where it needs to, leading to horrible workarounds in userspace. this time the workaround requires changing uid/gid, and that's not safe to do in the current process. in the worst case, kernel resource limits might prevent recovering the original values, and then there would be no way to safely return. so, use the safe but horribly inefficient alternative: forking. clone is used instead of fork to suppress signals from the child. fortunately this worst-case code is only needed when effective and real ids mismatch, which mainly happens in suid programs.
|
#
aa398f56 |
|
19-Mar-2011 |
Rich Felker <dalias@aerifal.cx> |
global cleanup to use the new syscall interface
|
#
0b44a031 |
|
11-Feb-2011 |
Rich Felker <dalias@aerifal.cx> |
initial check-in, version 0.5.0
|