bug in vfork semantics under IRIX 3.3.1

C. Harald Koch chk%alias at csri.toronto.edu
Thu Nov 29 14:52:29 AEST 1990


I was just applying the latest patches to ELM, after upgrading to 3.3.1.
Suddenly elm was no longer able to read my mailbox! After long and detailed
debugging, I eventually found the problem:

ELM runs set group-id mail so that it can create lock files. This is a
potential security hole, so ELM uses subprocesses to verify certain file
access permissions using your real gid rather than your effective gid. This
is to prevent users from getting access to files that are readable by the
mail group (i.e. other users' mailboxes).

Under 3.3.1, ELM configuration detects the existence of vfork() and uses it
instead of fork(). Then, in the child, ELM calls setgid() to set the
group-id to your real group-id, performs the test, and exits with a status.
The parent reads this status back.

On most systems with vfork(), the two processes inherit the same address
space, BUT DIFFERENT KERNEL U-AREAS. This means that the setgid() call
doesn't affect the parent.

Under IRIX, the vfork() call is actually implemented using sproc(), which is
a more primitive way to get multiple processes. It DOES NOT give you a
separate u-area. So the setgid() call affects the parent!

As a result, the parent process is no longer set group-id mail, and so it
cannot generate lock files in the mail directory!

I discovered this quite accidentally; I was using DBX to attempt some
debugging and found that vfork() confused DBX, so I recompiled elm to use
fork() instead. Suddenly, everything worked fine! So I wrote a simple test
program which runs set group-id, vforks, and does a setgid(getgid()) in the
child. Sure enough, the group-id in the parent changes!

vfork() also causes problems with Perl. I strongly suggest not using it at
all, unless you *really* need the performance improvement that it gives.

	Whee!

--
C. Harald Koch  VE3TLA                Alias Research, Inc., Toronto ON Canada
chk%alias at csri.utoronto.ca      chk at gpu.utcs.toronto.edu      chk at chk.mef.org
"Open the Zamboni! We're coming out!" - Kathrin Garland and Anson James, 2299
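The probe below is an added example, written for this page; it is not the test program the poster describes, nor ELM code. It mirrors ELM's sequence (spawn a child, setgid(getgid()) in the child, exit with a status, parent reads it back) once with fork() and once with vfork(), and then checks whether the parent's effective gid changed. Because real and effective gid are equal unless the binary is installed set-group-id, the child also flips its umask, another per-process attribute kept in the same kernel process state; that umask check is an addition of this example, not something the post describes. The struct and function names are hypothetical. On Linux and the BSDs the vfork() child gets its own credentials and umask, so both runs report leaked=0; on the IRIX 3.3.1 behaviour described above, the vfork() run would report leaked=1. To reproduce the post's exact situation, install the binary set-group-id to a group other than your own (chgrp, then chmod g+s) and watch the egid column.

```c
#define _DEFAULT_SOURCE
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* What the parent observes before and after the child runs its
 * setgid()/umask() sequence.  Hypothetical structure for this example. */
struct leak_probe {
    gid_t  gid_before,   gid_after;    /* parent's effective gid */
    mode_t umask_before, umask_after;  /* parent's umask */
    int    child_status;               /* child's exit status, -1 if killed */
};

/* umask() can only be read by setting it, so set-and-restore. */
static mode_t current_umask(void) {
    mode_t m = umask(0);
    umask(m);
    return m;
}

/* Spawn a child with fork() (use_vfork == 0) or vfork() (use_vfork != 0).
 * The child does what ELM's access-check child does, setgid(getgid()), and
 * additionally flips its umask (this example's addition) so the probe is
 * observable even when the binary is not set-group-id, where real gid ==
 * effective gid and the setgid() changes nothing.
 * Returns 0 on success, -1 if spawning or waiting failed. */
int run_probe(int use_vfork, struct leak_probe *out) {
    memset(out, 0, sizeof *out);
    out->gid_before   = getegid();
    out->umask_before = current_umask();

    pid_t pid = use_vfork ? vfork() : fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child.  With vfork() this runs on the parent's stack and in the
         * parent's address space, so only system calls and _exit() are used. */
        int rc = setgid(getgid());
        umask(out->umask_before ^ 0077);
        _exit(rc == 0 ? 0 : 1);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    out->child_status = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    out->gid_after    = getegid();
    out->umask_after  = current_umask();
    return 0;
}

/* 1 if a change made in the child became visible in the parent, which is the
 * IRIX 3.3.1 behaviour described in the post; 0 where the vfork() child has
 * its own kernel process state (separate u-area / credentials). */
int probe_leaked(const struct leak_probe *p) {
    return p->gid_before != p->gid_after || p->umask_before != p->umask_after;
}

static void report(const char *name, const struct leak_probe *p) {
    printf("%-8s parent egid %u -> %u, umask %03o -> %03o, child status %d, leaked=%d\n",
           name, (unsigned)p->gid_before, (unsigned)p->gid_after,
           (unsigned)p->umask_before, (unsigned)p->umask_after,
           p->child_status, probe_leaked(p));
}

int main(void) {
    struct leak_probe f, v;
    if (run_probe(0, &f) != 0 || run_probe(1, &v) != 0) {
        perror("fork/vfork");
        return 1;
    }
    report("fork():", &f);
    report("vfork():", &v);
    return 0;
}
```

The child deliberately calls nothing but system-call wrappers and _exit(): with vfork() it shares the parent's address space and stack, so returning from the function, calling exit(), or touching stdio buffers in the child would corrupt the parent, which is a separate vfork() hazard from the credential sharing the post describes.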



More information about the Comp.sys.sgi mailing list