Question about shm_open and sem_open

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about shm_open and sem_open

Jeunder Yu
Hello,

I have a question about source code of shm_open and sem_open functions.

int
shm_open(const char *path, int flags, mode_t mode)
{
........ (skipped) ....

        if (sb,st_uid != getuid()) {
                close(fd);
               errno = EPERM;
                return -1;
        }

........ (skipped) ....
}

I know the UID comparison is used to avoid share memory accessed by
different user. Similar code also existed in sem_open function.

My question is, why it is getuid(), why not use geteuid()?
I am not sure if it is bug or not, but I think it is more reasonable
if it checked
by effective user id,

Any comments?

BRs,
Joey

Reply | Threaded
Open this post in threaded view
|

Re: Question about shm_open and sem_open

Ted Unangst-6
游俊德 wrote:

> Hello,
>
> I have a question about source code of shm_open and sem_open functions.
>
> int
> shm_open(const char *path, int flags, mode_t mode)
> {
> ........ (skipped) ....
>
>         if (sb,st_uid != getuid()) {
>                 close(fd);
>                errno = EPERM;
>                 return -1;
>         }
>
> ........ (skipped) ....
> }
>
> I know the UID comparison is used to avoid share memory accessed by
> different user. Similar code also existed in sem_open function.
>
> My question is, why it is getuid(), why not use geteuid()?
> I am not sure if it is bug or not, but I think it is more reasonable
> if it checked
> by effective user id,

geteuid may be better. though i would hope the difference doesn't matter.

Reply | Threaded
Open this post in threaded view
|

Re: Question about shm_open and sem_open

Jeunder Yu
2015年11月20日 下午2:46於 "Ted Unangst" <[hidden email]>寫道:

>
> 游俊德 wrote:
> > Hello,
> >
> > I have a question about source code of shm_open and sem_open functions.
> >
> > int
> > shm_open(const char *path, int flags, mode_t mode)
> > {
> > ........ (skipped) ....
> >
> >         if (sb,st_uid != getuid()) {
> >                 close(fd);
> >                errno = EPERM;
> >                 return -1;
> >         }
> >
> > ........ (skipped) ....
> > }
> >
> > I know the UID comparison is used to avoid share memory accessed by
> > different user. Similar code also existed in sem_open function.
> >
> > My question is, why it is getuid(), why not use geteuid()?
> > I am not sure if it is bug or not, but I think it is more reasonable
> > if it checked
> > by effective user id,
>
> geteuid may be better. though i would hope the difference doesn't matter.

The difference is very important for me.

In my application, I am root and change to different uid, create semaphore
and share memory, make some hand sharking to client app with different uid.

May I give a patch to fix it?
Reply | Threaded
Open this post in threaded view
|

Re: Question about shm_open and sem_open

Ted Unangst-6
Jeunder Yu wrote:
> > geteuid may be better. though i would hope the difference doesn't matter.
>
> The difference is very important for me.
>
> In my application, I am root and change to different uid, create semaphore
> and share memory, make some hand sharking to client app with different uid.
>
> May I give a patch to fix it?

Ah, thanks, I had forgotten about this. I changed it to geteuid.