#293 closed defect (fixed)
Potential deadlock with inotify + suid check
Reported by: | rainer | Owned by: | rainer |
---|---|---|---|
Priority: | major | Milestone: | 3.0.3 |
Component: | main | Version: | |
Keywords: | Cc: |
Description
As reported by A. Jack, using the suid check in combination with inotify can lead to a deadlock:
(gdb) thread apply all bt Thread 6 (Thread 0xaf868b90 (LWP 10467)): #0 0xb7f02410 in __kernel_vsyscall () #1 0xb7e5e99b in read () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7f9cb26 in sh_inotify_read (buffer=0xaf867e4c "\017", count=1024) at /usr/include/bits/unistd.h:45 #3 0xb7f9cde3 in sh_inotify_wait_for_change (filename=0xb7fabc68 "/var/log/wtmp", watches=0xb7ffc440, errnum=0xaf8682d8, waitsec=300) at x_sh_inotify.c:775 #4 0xb7f6ad89 in sh_utmp_timer (tcurrent=1332378964) at x_sh_utmp.c:625 #5 0xb7f9acc6 in sh_threaded_module_run (arg=0xb7fb7400) at x_sh_pthread.c:178 #6 0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #7 0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 5 (Thread 0xaf067b90 (LWP 10468)): #0 0xb7f02410 in __kernel_vsyscall () #1 0xb7e5e589 in __lll_lock_wait () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7e59ba6 in _L_lock_95 () from /lib/tls/i686/cmov/libpthread.so.0 #3 0xb7e5958a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0 #4 0xb7f2cb31 in sh_files_search_file (name=0xb9219bd0 "/bin/ping6", class=0xaf066f10, check_mask=0xaf066f0c, reported=0xaf066f14) at x_sh_files.c:2794 #5 0xb7f7075f in sh_suidchk_check_internal (iname=0xb90f3db0 "/bin") at x_sh_suidchk.c:1199 #6 0xb7f70541 in sh_suidchk_check_internal (iname=0xb7fb0254 "/") at x_sh_suidchk.c:1173 #7 0xb7f71577 in sh_suidchk_check () at x_sh_suidchk.c:1488 #8 0xb7f9acd3 in sh_threaded_module_run (arg=0xb7fb74c0) at x_sh_pthread.c:186 #9 0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #10 0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 4 (Thread 0xae866b90 (LWP 10469)): #0 0xb7f02410 in __kernel_vsyscall () #1 0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482 #3 0xb7f9acfd in sh_threaded_module_run (arg=0xb7fb7500) at x_sh_pthread.c:191 #4 0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #5 0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 3 (Thread 0xae065b90 (LWP 10471)): #0 0xb7f02410 in __kernel_vsyscall () #1 0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482 #3 0xb7f9acfd in sh_threaded_module_run (arg=0xb7fb7540) at x_sh_pthread.c:191 #4 0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #5 0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 2 (Thread 0xad864b90 (LWP 10472)): #0 0xb7f02410 in __kernel_vsyscall () #1 0xb7e5f196 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7f7ba04 in retry_msleep (sec=1, millisec=0) at x_sh_calls.c:482 #3 0xb7fa53ff in sh_fInotify_init_internal () at x_sh_fInotify.c:342 #4 0xb7f9ac5b in sh_threaded_module_run (arg=0xb7fb7580) at x_sh_pthread.c:172 #5 0xb7e574fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #6 0xb7dd9f5e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 1 (Thread 0xb7d016b0 (LWP 10465)): #0 0xb7f02410 in __kernel_vsyscall () #1 0xb7e5e589 in __lll_lock_wait () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb7e59ba6 in _L_lock_95 () from /lib/tls/i686/cmov/libpthread.so.0 #3 0xb7e5958a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0 ---Type <return> to continue, or q <return> to quit--- #4 0xb7f2eb41 in sh_files_push_file_int (class=5, str_s=0xb91e3b20 "/xxx/xxx/xxx/xxx/xxx/xxx/xxx/xxx/xxx/.svn", len=58, check_mask=3657433088) at x_sh_files.c:959 #5 0xb7f2f3c8 in sh_files_pushglob (class=5, type=0, p=0xb808abc8 "/xxx/*/*/*/*/*/*/*/*/.svn", rdepth=0, check_mask_in=3657433088, flag=1) at x_sh_files.c:1086 #6 0xb7f2f856 in sh_files_check_globPatterns () at x_sh_files.c:1172 #7 0xb7f3a39b in main (argc=Cannot access memory at address 0x80 ) at x_samhain.c:2008 #0 0xb7f02410 in __kernel_vsyscall ()
Note:
See TracTickets
for help on using tickets.
Believed to be fixed by changeset [397].