[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1015740: marked as done (libc6: Include patch to make grantpt usable after multi-threaded fork in more cases)

Your message dated Sun, 28 Aug 2022 12:02:08 +0000
with message-id <E1oSGzQ-00FVTG-Sy@fasolo.debian.org>
and subject line Bug#1015740: fixed in glibc 2.31-13+deb11u4
has caused the Debian Bug report #1015740,
regarding libc6: Include patch to make grantpt usable after multi-threaded fork in more cases
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1015740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015740
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: libc6
Version: 2.31-13+deb11u3
Severity: normal
Tags: patch
X-Debbugs-Cc: iwienand@redhat.com

Dear Maintainer,

The glibc bug

 https://sourceware.org/bugzilla/show_bug.cgi?id=24941

fixed by

 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=27fe5f2e67a0e4cc0526b1b32b55f8e519075edb

provides fixes for the grantpt() call deadlocking after fork().  This
seems rather esoteric, but has caused difficult to debug issues for
Ansible users, e.g.

 https://github.com/ansible/ansible/issues/59642

In opendev.org CI (zuul.opendev.org) several users hit this in various
ways as our execution environment is based on Debian Bullseye.  We
have pulled a more recent glibc into our images with

 https://review.opendev.org/c/zuul/zuul/+/849795

But hopefully we can find a solution that is helpful to everyone.

I have pulled the patch and applied it with minor fuzz updates against
2.31-13+deb11u3.  Could we consider having this applied?

Thanks,

-i

-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.10-200.fc36.x86_64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libc6 depends on:
ii  libcrypt1  1:4.4.18-4
ii  libgcc-s1  10.2.1-6

Versions of packages libc6 recommends:
ii  libidn2-0       2.3.0-5
pn  libnss-nis      <none>
pn  libnss-nisplus  <none>

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.77
pn  glibc-doc              <none>
pn  libc-l10n              <none>
pn  locales                <none>

-- debconf information excluded

commit 27fe5f2e67a0e4cc0526b1b32b55f8e519075edb
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Oct 7 14:55:04 2020 +0200

    Linux: Require properly configured /dev/pts for PTYs
    
    Current systems do not have BSD terminals, so the fallback code in
    posix_openpt/getpt does not do anything.  Also remove the file system
    check for /dev/pts.  Current systems always have a devpts file system
    mounted there if /dev/ptmx exists.
    
    grantpt is now essentially a no-op.  It only verifies that the
    argument is a ptmx-descriptor.  Therefore, this change indirectly
    addresses bug 24941.
    
    Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
    (Cherry-picked by Ian Wienand <iwienand@redhat.com>)

Index: glibc-2.31/INSTALL
===================================================================
--- glibc-2.31.orig/INSTALL
+++ glibc-2.31/INSTALL
@@ -184,14 +184,9 @@ if 'CFLAGS' is specified it must enable
 '--enable-pt_chown'
      The file 'pt_chown' is a helper binary for 'grantpt' (*note
      Pseudo-Terminals: Allocation.) that is installed setuid root to fix
-     up pseudo-terminal ownership.  It is not built by default because
-     systems using the Linux kernel are commonly built with the 'devpts'
-     filesystem enabled and mounted at '/dev/pts', which manages
-     pseudo-terminal ownership automatically.  By using
-     '--enable-pt_chown', you may build 'pt_chown' and install it setuid
-     and owned by 'root'.  The use of 'pt_chown' introduces additional
-     security risks to the system and you should enable it only if you
-     understand and accept those risks.
+     up pseudo-terminal ownership on GNU/Hurd.  It is not required on
+     GNU/Linux, and the GNU C Library will not use the installed
+     'pt_chown' program when configured with '--enable-pt_chown'.
 
 '--disable-werror'
      By default, the GNU C Library is built with '-Werror'.  If you wish
Index: glibc-2.31/NEWS
===================================================================
--- glibc-2.31.orig/NEWS
+++ glibc-2.31/NEWS
@@ -399,6 +399,18 @@ Changes to build and runtime requirement
   Older GCC versions and non-GNU compilers are still supported when
   compiling programs that use the GNU C Library.
 
+* On Linux, the system administrator needs to configure /dev/pts with
+  the intended access modes for pseudo-terminals.  glibc no longer
+  attemps to adjust permissions of terminal devices.  The previous glibc
+  defaults ("tty" group, user read/write and group write) already
+  corresponded to what most systems used, so that grantpt did not
+  perform any adjustments.
+
+* On Linux, the posix_openpt and getpt functions no longer attempt to
+  use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
+  (and pseudo-terminals are supported), a devpts file system is mounted
+  on /dev/pts.  Current systems already meet these requirements.
+
 Security related changes:
 
   CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
Index: glibc-2.31/sysdeps/unix/sysv/linux/getpt.c
===================================================================
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/getpt.c
+++ glibc-2.31/sysdeps/unix/sysv/linux/getpt.c
@@ -16,69 +16,18 @@
    License along with the GNU C Library; if not, see
    <https://www.gnu.org/licenses/>.  */
 
-#include <errno.h>
 #include <fcntl.h>
-#include <stdlib.h>
 #include <unistd.h>
 #include <paths.h>
-#include <sys/statfs.h>
-
-#include "linux_fsinfo.h"
 
 /* Path to the master pseudo terminal cloning device.  */
 #define _PATH_DEVPTMX _PATH_DEV "ptmx"
-/* Directory containing the UNIX98 pseudo terminals.  */
-#define _PATH_DEVPTS _PATH_DEV "pts"
-
-/* Prototype for function that opens BSD-style master pseudo-terminals.  */
-extern int __bsd_openpt (int oflag) attribute_hidden;
 
 /* Open a master pseudo terminal and return its file descriptor.  */
 int
 __posix_openpt (int oflag)
 {
-  static int have_no_dev_ptmx;
-  int fd;
-
-  if (!have_no_dev_ptmx)
-    {
-      fd = __open (_PATH_DEVPTMX, oflag);
-      if (fd != -1)
-	{
-	  struct statfs fsbuf;
-	  static int devpts_mounted;
-
-	  /* Check that the /dev/pts filesystem is mounted
-	     or if /dev is a devfs filesystem (this implies /dev/pts).  */
-	  if (devpts_mounted
-	      || (__statfs (_PATH_DEVPTS, &fsbuf) == 0
-		  && fsbuf.f_type == DEVPTS_SUPER_MAGIC)
-	      || (__statfs (_PATH_DEV, &fsbuf) == 0
-		  && fsbuf.f_type == DEVFS_SUPER_MAGIC))
-	    {
-	      /* Everything is ok.  */
-	      devpts_mounted = 1;
-	      return fd;
-	    }
-
-	  /* If /dev/pts is not mounted then the UNIX98 pseudo terminals
-	     are not usable.  */
-	  __close (fd);
-	  have_no_dev_ptmx = 1;
-	  __set_errno (ENOENT);
-	}
-      else
-	{
-	  if (errno == ENOENT || errno == ENODEV)
-	    have_no_dev_ptmx = 1;
-	  else
-	    return -1;
-	}
-    }
-  else
-    __set_errno (ENOENT);
-
-  return -1;
+  return __open (_PATH_DEVPTMX, oflag);
 }
 weak_alias (__posix_openpt, posix_openpt)
 
@@ -86,17 +35,6 @@ weak_alias (__posix_openpt, posix_openpt
 int
 __getpt (void)
 {
-  int fd = __posix_openpt (O_RDWR);
-  if (fd == -1)
-    fd = __bsd_openpt (O_RDWR);
-  return fd;
+  return __posix_openpt (O_RDWR);
 }
 weak_alias (__getpt, getpt)
-
-
-#define PTYNAME1 "pqrstuvwxyzabcde";
-#define PTYNAME2 "0123456789abcdef";
-
-#define HAVE_GETPT
-#define HAVE_POSIX_OPENPT
-#include <sysdeps/unix/bsd/getpt.c>
Index: glibc-2.31/sysdeps/unix/sysv/linux/grantpt.c
===================================================================
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/grantpt.c
+++ glibc-2.31/sysdeps/unix/sysv/linux/grantpt.c
@@ -1,44 +1,41 @@
-#include <assert.h>
-#include <ctype.h>
-#include <dirent.h>
+/* grantpt implementation for Linux.
+   Copyright (C) 1998-2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
 #include <errno.h>
-#include <fcntl.h>
-#include <paths.h>
 #include <stdlib.h>
-#include <unistd.h>
-
-#include <not-cancel.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
-#include "pty-private.h"
-
-#if HAVE_PT_CHOWN
-/* Close all file descriptors except the one specified.  */
-static void
-close_all_fds (void)
+int
+grantpt (int fd)
 {
-  DIR *dir = __opendir ("/proc/self/fd");
-  if (dir != NULL)
-    {
-      struct dirent64 *d;
-      while ((d = __readdir64 (dir)) != NULL)
-	if (isdigit (d->d_name[0]))
-	  {
-	    char *endp;
-	    long int fd = strtol (d->d_name, &endp, 10);
-	    if (*endp == '\0' && fd != PTY_FILENO && fd != dirfd (dir))
-	      __close_nocancel_nostatus (fd);
-	  }
-
-      __closedir (dir);
-
-      int nullfd = __open_nocancel (_PATH_DEVNULL, O_RDONLY);
-      assert (nullfd == STDIN_FILENO);
-      nullfd = __open_nocancel (_PATH_DEVNULL, O_WRONLY);
-      assert (nullfd == STDOUT_FILENO);
-      __dup2 (STDOUT_FILENO, STDERR_FILENO);
-    }
+  /* Without pt_chown on Linux, we have delegated the creation of the
+     pty node with the right group and permission mode to the kernel, and
+     non-root users are unlikely to be able to change it. Therefore let's
+     consider that POSIX enforcement is the responsibility of the whole
+     system and not only the GNU libc.   */
+
+  /* Verify that fd refers to a ptmx descriptor.  */
+  unsigned int ptyno;
+  int ret = __ioctl (fd, TIOCGPTN, &ptyno);
+  if (ret != 0 && errno == ENOTTY)
+    /* POSIX requires EINVAL instead of ENOTTY provided by the kernel.  */
+    __set_errno (EINVAL);
+  return ret;
 }
-# define CLOSE_ALL_FDS() close_all_fds()
-#endif
-
-#include <sysdeps/unix/grantpt.c>
Index: glibc-2.31/sysdeps/unix/sysv/linux/ptsname.c
===================================================================
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/ptsname.c
+++ glibc-2.31/sysdeps/unix/sysv/linux/ptsname.c
@@ -21,39 +21,14 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/ioctl.h>
-#include <sys/stat.h>
-#include <sys/sysmacros.h>
 #include <termios.h>
 #include <unistd.h>
 
 #include <_itoa.h>
 
-/* Check if DEV corresponds to a master pseudo terminal device.  */
-#define MASTER_P(Dev)							\
-  (__gnu_dev_major ((Dev)) == 2						\
-   || (__gnu_dev_major ((Dev)) == 4					\
-       && __gnu_dev_minor ((Dev)) >= 128 && __gnu_dev_minor ((Dev)) < 192) \
-   || (__gnu_dev_major ((Dev)) >= 128 && __gnu_dev_major ((Dev)) < 136))
-
-/* Check if DEV corresponds to a slave pseudo terminal device.  */
-#define SLAVE_P(Dev)							\
-  (__gnu_dev_major ((Dev)) == 3						\
-   || (__gnu_dev_major ((Dev)) == 4					\
-       && __gnu_dev_minor ((Dev)) >= 192 && __gnu_dev_minor ((Dev)) < 256) \
-   || (__gnu_dev_major ((Dev)) >= 136 && __gnu_dev_major ((Dev)) < 144))
-
-/* Note that major number 4 corresponds to the old BSD style pseudo
-   terminal devices.  As of Linux 2.1.115 these are no longer
-   supported.  They have been replaced by major numbers 2 (masters)
-   and 3 (slaves).  */
-
 /* Directory where we can find the slave pty nodes.  */
 #define _PATH_DEVPTS "/dev/pts/"
 
-/* The are declared in getpt.c.  */
-extern const char __libc_ptyname1[] attribute_hidden;
-extern const char __libc_ptyname2[] attribute_hidden;
-
 /* Static buffer for `ptsname'.  */
 static char buffer[sizeof (_PATH_DEVPTS) + 20];
 
@@ -68,19 +43,15 @@ ptsname (int fd)
 }
 
 
+/* Store at most BUFLEN characters of the pathname of the slave pseudo
+   terminal associated with the master FD is open on in BUF.
+   Return 0 on success, otherwise an error number.  */
 int
-__ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp)
+__ptsname_r (int fd, char *buf, size_t buflen)
 {
   int save_errno = errno;
   unsigned int ptyno;
 
-  if (!__isatty (fd))
-    {
-      __set_errno (ENOTTY);
-      return ENOTTY;
-    }
-
-#ifdef TIOCGPTN
   if (__ioctl (fd, TIOCGPTN, &ptyno) == 0)
     {
       /* Buffer we use to print the number in.  For a maximum size for
@@ -101,67 +72,11 @@ __ptsname_internal (int fd, char *buf, s
 
       memcpy (__stpcpy (buf, devpts), p, &numbuf[sizeof (numbuf)] - p);
     }
-  else if (errno != EINVAL)
-    return errno;
   else
-#endif
-    {
-      char *p;
-
-      if (buflen < strlen (_PATH_TTY) + 3)
-	{
-	  __set_errno (ERANGE);
-	  return ERANGE;
-	}
-
-      if (__fxstat64 (_STAT_VER, fd, stp) < 0)
-	return errno;
-
-      /* Check if FD really is a master pseudo terminal.  */
-      if (! MASTER_P (stp->st_rdev))
-	{
-	  __set_errno (ENOTTY);
-	  return ENOTTY;
-	}
-
-      ptyno = __gnu_dev_minor (stp->st_rdev);
-
-      if (ptyno / 16 >= strlen (__libc_ptyname1))
-	{
-	  __set_errno (ENOTTY);
-	  return ENOTTY;
-	}
-
-      p = __stpcpy (buf, _PATH_TTY);
-      p[0] = __libc_ptyname1[ptyno / 16];
-      p[1] = __libc_ptyname2[ptyno % 16];
-      p[2] = '\0';
-    }
-
-  if (__xstat64 (_STAT_VER, buf, stp) < 0)
+    /* Bad file descriptor, or not a ptmx descriptor.  */
     return errno;
 
-  /* Check if the name we're about to return really corresponds to a
-     slave pseudo terminal.  */
-  if (! S_ISCHR (stp->st_mode) || ! SLAVE_P (stp->st_rdev))
-    {
-      /* This really is a configuration problem.  */
-      __set_errno (ENOTTY);
-      return ENOTTY;
-    }
-
   __set_errno (save_errno);
   return 0;
 }
-
-
-/* Store at most BUFLEN characters of the pathname of the slave pseudo
-   terminal associated with the master FD is open on in BUF.
-   Return 0 on success, otherwise an error number.  */
-int
-__ptsname_r (int fd, char *buf, size_t buflen)
-{
-  struct stat64 st;
-  return __ptsname_internal (fd, buf, buflen, &st);
-}
 weak_alias (__ptsname_r, ptsname_r)

--- End Message ---
--- Begin Message --- 
Source: glibc
Source-Version: 2.31-13+deb11u4
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1015740@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Aug 2022 23:32:46 +0200
Source: glibc
Architecture: source
Version: 2.31-13+deb11u4
Distribution: bullseye
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 1014735 1015740
Changes:
 glibc (2.31-13+deb11u4) bullseye; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/debhelper.in/libc-dev.NEWS: New file to explain how to update
     programs to use the TI-RPC library instead of the Sun RPC one.  Closes:
     #1014735.
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix an off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999).
     - Fix an overflow bug in the SSE2 and AVX2 implementations of wmemchr.
     - Fix an overflow bug in the SSE4.1 and AVX2 implementations of wcslen and
       wcsncat.
     - Fix an overflow bug in the AVX2 and EVEX implementation of wcsncmp.
     - Add a few EVEX optimized string functions to fix a performance issue (up
       to 40%) with Skylake-X processors.
     - Make grantpt usable after multi-threaded fork.  Closes: #1015740.
     - debian/patches/hurd-i386/git-posix_openpt.diff: rebase.
   * debian/rules.d/build.mk: pass --with-default-link=no to configure to
     ensure that libio vtable protection is enabled.
Checksums-Sha1:
 dc2af46a866d9c46d3009f60bae04411d2d690a7 8347 glibc_2.31-13+deb11u4.dsc
 1f4e2020c1a99c219964c9d81115a33b36c8b541 953784 glibc_2.31-13+deb11u4.debian.tar.xz
 52de79772208800ea1edffc8d735610da6ce65b9 9057 glibc_2.31-13+deb11u4_source.buildinfo
Checksums-Sha256:
 2591bbb14fbf3f7490b3d67775601f991cfff721db3bc7bb0bf311165540fdaf 8347 glibc_2.31-13+deb11u4.dsc
 0913d214e3c213d4e148b39fd7a1289dd3612799ec97fb55e1a77f8b6108cf76 953784 glibc_2.31-13+deb11u4.debian.tar.xz
 2b3ed742da37cbf714ceef82005b2619e778071b22c894fcdb07a518128f644d 9057 glibc_2.31-13+deb11u4_source.buildinfo
Files:
 76ad7348971917d9557e2f43aa027615 8347 libs required glibc_2.31-13+deb11u4.dsc
 28e888c67441ed231d3a6757d14276a6 953784 libs required glibc_2.31-13+deb11u4.debian.tar.xz
 67076b5b980dfd543e3a714f2a3906a2 9057 libs required glibc_2.31-13+deb11u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmMJPxEACgkQE4jA+Jno
M2vDDxAAliUXkbgJMMOke/pR0HFGWsPvJEkYHFMSu8sziL4TMDf06tkmN0svC16e
Ks+S95sohIh/AgqqEjwU1MtH5s/m2A5UkMx6Xaj/EymAxMI+gmviFF68CgAdMGkE
f0/cMIui8LICiR/j4VsAGfXk3jsnqm4h9ED82Z5zgWxaLXmYBeKnqfGQXOKtBPSy
x56N9hkcnu4l68nes/so60LU3SC7yMmjnUuw+y902I8J5Yyyekb9QSyacbtYDixS
w5BFCygLxPoVOZzDt+DAu2sSGvs8wvnyyH+MB28rI06ZM9x9LlS0Cxi3tbcMAAaH
tEi2UxhlQ1QRJuU7yHZ3eUxqeMgB3lYJt4mijkXyBKK278EN0azDhvWwHH0UoFQo
rvfkl8f94+ksIrF1wwSjLUAO2VXYi7g9xAgWZpyMEIhvSgwApwJ6Zl2sjxb0Wwv3
8uH6ggw3jUbulCxlgEDb8qFZV+Yxtyf+UMaM7ZVnDJGfeR4g+jnmXfyi93e9Qjwi
+oZMOqf0Y3zIGuJtxMsjURU+Zu+/notO8q3DjmjwVrS00xI/9U0TiWQcJMD6m7Ww
VPL0eA4gDXxjXGTSnQ0RKAsWrQPkj1c4Q3VDIt2Xajjm8pK8EofVlq92VIVk6Dfi
lhlsXgCcT77CmoBe2PYC7PgIedgk61j2JtEj7EsDryMFAqFHY6Q=
=xaQm
-----END PGP SIGNATURE-----

Attachment: pgpINdOdhx8Ro.pgp
Description: PGP signature


--- End Message ---
Reply to: