screen-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[screen-devel] [bug #45582] Race condition creating the socket directori

From: anonymous
Subject: [screen-devel] [bug #45582] Race condition creating the socket directories
Date: Mon, 20 Jul 2015 08:27:19 +0000
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0 
URL:
  <http://savannah.gnu.org/bugs/?45582>

                 Summary: Race condition creating the socket directories
                 Project: GNU Screen
            Submitted by: None
            Submitted on: Mon 20 Jul 2015 08:27:17 AM UTC
                Category: Program Logic
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.2.0
           Fixed Release: None
         Planned Release: None
           Work Required: None

    _______________________________________________________

Details:

There is a race condition in screen creating the socket directories.

Both the main and the user specific directory (child to the main) suffer from
the same type of race condition.

Taken from "screen.c" (version 4.1.0 of Ubuntu, but the same for 4.2),
creating the child obviously got patched:

-----------
sprintf(SockPath, "%s/S-%s", SockDir, LoginName);
if (access(SockPath, F_OK))
{
  if (mkdir(SockPath, 0700) == -1 && errno != EEXIST)
  Panic(errno, "Cannot make directory '%s'", SockPath);
  (void) chown(SockPath, real_uid, real_gid);
  }
}
-----------

However a few lines up, creating the parent directory is still suffering from
the race condition:

-----------
if (stat(SockDir, &st))
{
  n = (eff_uid == 0 && (real_uid || eff_gid == real_gid)) ? 0755 :
       (eff_gid != real_gid) ? 0775 :
#ifdef S_ISVTX
                  0777|S_ISVTX;
#else
                  0777;
#endif

  // START: !!

  if (mkdir(SockDir, n) == -1)
    Panic(errno, "Cannot make directory '%s'", SockDir);

  // END: !!
}

-----------

If the screen tool is started at the same time, then between the "stat" call
and the "mkdir" call it may happen that that another instance of screen
already created the directory. Causing the second "mkdir" to fail with
"EEXIST". Which is "ok", since the directory simple has to be there.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?45582>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]