[Bug 1923738] Re: getgrouplist(3) is not thread-safe
Olaf Seibert
1923738 at bugs.launchpad.net
Wed Apr 14 09:22:53 UTC 2021
Also see https://bugs.launchpad.net/ubuntu/+source/libnss-extrausers/+bug/1602264
which refers to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831390
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1923738
Title:
getgrouplist(3) is not thread-safe
Status in glibc package in Ubuntu:
New
Bug description:
Hello glibc people!
While investigating some threading-related problem in a third-party
program, I discovered that this program calls getgrouplist(3) from
multiple threads, assuming that this is thread-safe. Indeed, the the
man page claims that it is:
┌───────────────┬───────────────┬────────────────┐
│Interface │ Attribute │ Value │
├───────────────┼───────────────┼────────────────┤
│getgrouplist() │ Thread safety │ MT-Safe locale │
└───────────────┴───────────────┴────────────────┘
However, consider the stack traces below.
[Switching to Thread 0x7f691c5ff700 (LWP 30714)]
Thread 353 "mount.quobyte" hit Breakpoint 10, 0x00007f694e7eb3c0 in _nss_extrausers_setgrent () from /usr/lib/libnss_extrausers.so.2
(gdb) bt
#0 0x00007f694e7eb3c0 in _nss_extrausers_setgrent () from /usr/lib/libnss_extrausers.so.2
#1 0x00007f695c72750a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f695c72793e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007f695c727ab1 in getgrouplist () from /lib/x86_64-linux-gnu/libc.so.6
[ remaining frames are from the third-party program - omitted ]
(gdb) c
Continuing.
[Switching to Thread 0x7f68971ff700 (LWP 30934)]
Thread 375 "mount.quobyte" hit Breakpoint 12, 0x00007f694e7eb460 in _nss_extrausers_getgrent_r () from /usr/lib/libnss_extrausers.so.2
(gdb) bt
#0 0x00007f694e7eb460 in _nss_extrausers_getgrent_r () from /usr/lib/libnss_extrausers.so.2
#1 0x00007f695c7275ad in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f695c72793e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007f695c727ab1 in getgrouplist () from /lib/x86_64-linux-gnu/libc.so.6
[ remaining frames are from the third-party program - omitted ]
getgrouplist calls _nss_*_setgrent() and _nss_*_getgrent_r(), which are not thread safe. These functions can't be, since their signature has no way to store the FILE* or other reference to the group file that they have to keep between calls. Seeing these functions here should ring some alarm bells.
For example, this is from libnss-extrausers, showing the thead-unsafe
function signature and the global variable groupsfile it uses. This
signature is forced on it from NSS.
enum nss_status _nss_extrausers_setgrent(void) {
enum nss_status status = NSS_STATUS_SUCCESS;
if (groupsfile == NULL) {
groupsfile = fopen(GROUPSFILE, "re");
if (groupsfile == NULL)
status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
} else {
rewind(groupsfile);
}
return status;
}
I looked at glibc/grp/initgroups.c, where getgrouplist() is defined. I
didn't find proof of locking there. The stack traces above are from
Bionic, but the sources I examined didn't seem to differ materially
between versions in this area.
ii libc-bin 2.27-3ubuntu1.4 amd64 GNU C Library: Binaries
ii libc-dev-bin 2.27-3ubuntu1.4 amd64 GNU C Library: Development binaries
ii libc6:amd64 2.27-3ubuntu1.4 amd64 GNU C Library: Shared libraries
ii libc6-dev:amd64 2.27-3ubuntu1.4 amd64 GNU C Library: Development Libraries and Header Files
So I can only conclude that getgrouplist(3) is not thread-safe, despite documentation.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1923738/+subscriptions
More information about the foundations-bugs
mailing list