
OpenBSD system-call-origin verification

Posted Dec 12, 2019 9:28 UTC (Thu) by mjg59 (subscriber, #23239)
In reply to: OpenBSD system-call-origin verification by Cyberax
Parent article: OpenBSD system-call-origin verification

Which is, unfortunately, not always entirely helpful: https://github.com/golang/go/issues/1435



OpenBSD system-call-origin verification

Posted Dec 12, 2019 10:25 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

Well, the design of setuid is kinda stupid. It should have been fixed properly in the kernel a long time ago.

OpenBSD system-call-origin verification

Posted Dec 12, 2019 11:47 UTC (Thu) by dvdeug (guest, #10998) [Link] (2 responses)

It works, though. POSIX promises a C API, not a kernel ABI or API, and the kernel changing the syscall breaks the kernel's ABI. Go can do the same thing libc does and abstract away the problem; it's always the job of high-level languages to smooth over the raw low-level details.

OpenBSD system-call-origin verification

Posted Dec 12, 2019 22:39 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

It's trivially easy to implement the process-global setuid() in the kernel, instead of using a racy signal-based implementation. Keeping around crap code like this simply adds to the technical debt and is stifling innovation (like Go is trying to do).

OpenBSD system-call-origin verification

Posted Dec 14, 2019 17:53 UTC (Sat) by luto (guest, #39314) [Link]

It’s not trivial. Looping over all threads is straightforward. Changing the uid of a running thread is not (that thread might be busy reading its own uid or, worse, changing its creds). Defining what happens if you run out of memory part way through is not trivial. Dealing with races against clone() is not trivial.

