Opened 10 years ago

Closed 10 years ago

Last modified 6 years ago

#293 closed defect (fixed)

Potential deadlock with inotify + suid check

Reported by: rainer
Owned by: rainer
Priority: major
Milestone: 3.0.3
Component: main
Version:
Keywords:
Cc:

Description

As reported by A. Jack, using the suid check in combination with inotify can lead to a deadlock:

(gdb) thread apply all bt

Thread 6 (Thread 0xaf868b90 (LWP 10467)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5e99b in read () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7f9cb26 in sh_inotify_read (buffer=0xaf867e4c "\017", count=1024) at /usr/include/bits/unistd.h:45
#3  0xb7f9cde3 in sh_inotify_wait_for_change (filename=0xb7fabc68 "/var/log/wtmp", watches=0xb7ffc440, errnum=0xaf8682d8, waitsec=300) at x_sh_inotify.c:775
#4  0xb7f6ad89 in sh_utmp_timer (tcurrent=1332378964) at x_sh_utmp.c:625
#5  0xb7f9acc6 in sh_threaded_module_run (arg=0xb7fb7400) at x_sh_pthread.c:178
#6  0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 5 (Thread 0xaf067b90 (LWP 10468)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5e589 in __lll_lock_wait () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7e59ba6 in _L_lock_95 () from /lib/tls/i686/cmov/libpthread.so.0
#3  0xb7e5958a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7f2cb31 in sh_files_search_file (name=0xb9219bd0 "/bin/ping6", class=0xaf066f10, check_mask=0xaf066f0c, reported=0xaf066f14) at x_sh_files.c:2794
#5  0xb7f7075f in sh_suidchk_check_internal (iname=0xb90f3db0 "/bin") at x_sh_suidchk.c:1199
#6  0xb7f70541 in sh_suidchk_check_internal (iname=0xb7fb0254 "/") at x_sh_suidchk.c:1173
#7  0xb7f71577 in sh_suidchk_check () at x_sh_suidchk.c:1488
#8  0xb7f9acd3 in sh_threaded_module_run (arg=0xb7fb74c0) at x_sh_pthread.c:186
#9  0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 4 (Thread 0xae866b90 (LWP 10469)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482
#3  0xb7f9acfd in sh_threaded_module_run (arg=0xb7fb7500) at x_sh_pthread.c:191
#4  0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#5  0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xae065b90 (LWP 10471)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482
#3  0xb7f9acfd in sh_threaded_module_run (arg=0xb7fb7540) at x_sh_pthread.c:191
#4  0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#5  0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 2 (Thread 0xad864b90 (LWP 10472)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482
#3  0xb7fa53ff in sh_fInotify_init_internal () at x_sh_fInotify.c:342
#4  0xb7f9ac5b in sh_threaded_module_run (arg=0xb7fb7580) at x_sh_pthread.c:172
#5  0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6  0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb7d016b0 (LWP 10465)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5e589 in __lll_lock_wait () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7e59ba6 in _L_lock_95 () from /lib/tls/i686/cmov/libpthread.so.0
#3  0xb7e5958a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7f2eb41 in sh_files_push_file_int (class=5, str_s=0xb91e3b20 "/xxx/xxx/xxx/xxx/xxx/xxx/xxx/xxx/xxx/.svn", len=58, check_mask=3657433088) at x_sh_files.c:959
#5  0xb7f2f3c8 in sh_files_pushglob (class=5, type=0, p=0xb808abc8 "/xxx/*/*/*/*/*/*/*/*/.svn", rdepth=0, check_mask_in=3657433088, flag=1) at x_sh_files.c:1086
#6  0xb7f2f856 in sh_files_check_globPatterns () at x_sh_files.c:1172
#7  0xb7f3a39b in main (argc=Cannot access memory at address 0x80
) at x_samhain.c:2008
#0  0xb7f02410 in __kernel_vsyscall ()

Change History (1)

comment:1 Changed 10 years ago by rainer

Resolution: fixed
Status: new → closed

Believed to be fixed by changeset [397].
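
Added example, not part of the original ticket and not the project's code: a small triage script for `thread apply all bt` output like the one in the description, listing every thread whose stack passes through pthread_mutex_lock() together with the function that requested the lock. The sample input is constructed by abridging frames from the backtrace above; the function and variable names in the script are hypothetical.

```python
import re

# Constructed sample: frames abridged from the backtrace in this ticket.
SAMPLE_BT = """\
Thread 5 (Thread 0xaf067b90 (LWP 10468)):
#0  0xb7f02410 in __kernel_vsyscall ()
#3  0xb7e5958a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7f2cb31 in sh_files_search_file (name=0xb9219bd0 "/bin/ping6") at x_sh_files.c:2794
#5  0xb7f7075f in sh_suidchk_check_internal (iname=0xb90f3db0 "/bin") at x_sh_suidchk.c:1199

Thread 4 (Thread 0xae866b90 (LWP 10469)):
#0  0xb7f02410 in __kernel_vsyscall ()
#1  0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482

Thread 1 (Thread 0xb7d016b0 (LWP 10465)):
#0  0xb7f02410 in __kernel_vsyscall ()
#3  0xb7e5958a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7f2eb41 in sh_files_push_file_int (class=5, len=58) at x_sh_files.c:959
"""

THREAD_RE = re.compile(r"^Thread (\d+) \(")                     # "Thread N (..." header
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \(")  # "#n addr in func ("
SRC_RE = re.compile(r"\) at (\S+:\d+)\s*$")                     # ") at file.c:123"

def mutex_waiters(bt_text):
    """Return [(thread_id, calling_function, 'file:line')] for every thread
    whose stack passes through pthread_mutex_lock()."""
    waiters, thread, want_caller = [], None, False
    for line in bt_text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            thread, want_caller = int(m.group(1)), False
            continue
        m = FRAME_RE.match(line)
        if not m or thread is None:
            continue
        func = m.group(1)
        if want_caller:  # frame right above pthread_mutex_lock: who asked for the lock
            src = SRC_RE.search(line)
            waiters.append((thread, func, src.group(1) if src else "?"))
            want_caller = False
        elif func == "pthread_mutex_lock":
            want_caller = True
    return waiters

if __name__ == "__main__":
    for tid, func, where in mutex_waiters(SAMPLE_BT):
        print(f"thread {tid} waits for a mutex in {func} ({where})")
```

On this ticket's trace it reports threads 5 and 1, both blocked at call sites in x_sh_files.c: thread 5 from the suid check and thread 1 from the glob pattern check in main().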
