This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: snapshot 05/05: ssh segmentation fault within screen
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin at cygwin dot com
- Date: Wed, 07 May 2014 11:16:54 -0400
- Subject: Re: snapshot 05/05: ssh segmentation fault within screen
- Authentication-results: sourceware.org; auth=none
- References: <5368525F dot 2070301 at shaddybaddah dot name> <20140506163936 dot GY30918 at calimero dot vinschen dot de> <536920BB dot 3080102 at redhat dot com>
> On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
>
> > The problem, which I totally had not realized since I started implementing
> > this stuff is, that by propagating this cache to child processes, said
> > child processes suffer from what the parent process does to the passwd
> > structures in the cache.
> >
> > Screen seems to call getpwuid and then sets some of the pointers in the
> > passwd structure it got from the call to NULL, apparently for some sort
> > of security, this way overwriting the cached passwd struct for the
>
> Bug in screen. POSIX states:
>
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
>
> The application shall not modify the structure to which the return value
> points, nor any storage areas pointed to by pointers within the
> structure. The returned pointer, and pointers within the structure,
> might be invalidated or the structure or the storage areas might be
> overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().

Fixing this would be well out of my depth, but I'll gladly include any
patches to screen that fix it.

Meanwhile there's a new release of screen (4.2.1) upstream, about one year
newer than the last commit I packaged for Cygwin, so maybe this problem has
already been addressed. I'll get the new release out ASAP so we can test.

Andrew
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
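
The POSIX rule quoted in this thread means an application that wants to blank fields of a passwd entry has to do so in storage it owns. The following is an added example, not code from screen, Cygwin or any message in the thread: it uses getpwuid_r() to obtain a caller-owned copy and scrubs only that copy. The names `pw_copy`, `pw_copy_lookup` and `pw_copy_scrub` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper type: passwd entry whose strings live in caller-owned buf. */
struct pw_copy { struct passwd pw; char *buf; };

/* Returns 0 on success, -1 on error or unknown uid (out->buf is then NULL). */
int pw_copy_lookup(uid_t uid, struct pw_copy *out)
{
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    struct passwd *res = NULL;
    int rc;
    out->buf = NULL;
    do {
        char *tmp = realloc(out->buf, len);
        if (tmp == NULL) { rc = ENOMEM; break; }
        out->buf = tmp;
        rc = getpwuid_r(uid, &out->pw, out->buf, len, &res);
        len *= 2;                       /* only used if we retry */
    } while (rc == ERANGE);             /* buffer too small: grow it */
    if (rc == 0 && res != NULL) return 0;
    free(out->buf);
    out->buf = NULL;
    return -1;
}

/* Scrub the password field of the private copy only. */
void pw_copy_scrub(struct pw_copy *c)
{
    if (c->pw.pw_passwd != NULL)
        memset(c->pw.pw_passwd, 0, strlen(c->pw.pw_passwd));
    c->pw.pw_passwd = NULL;             /* libc's own entry is not touched */
}

int main(void)
{
    struct pw_copy me;
    if (pw_copy_lookup(getuid(), &me) != 0) return 1;
    pw_copy_scrub(&me);
    printf("%s: private copy scrubbed\n", me.pw.pw_name);
    free(me.buf);
    return 0;
}
```

Because the strings live in `buf`, a later getpwent(), getpwnam() or getpwuid() call cannot invalidate them, and nothing written through the copy reaches libc's cached entry.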