This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: snapshot 05/05: ssh segmentation fault within screen


> On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
> 
> > The problem, which I totally not realized since I started implementing
> > this stuff is, that by propagating this cache to child processes, said
> > child processes suffer from what the parent process does to the passwd
> > structures in the cache.
> > 
> > Screen seems to call getpwuid and then sets some of the pointers in the
> > passwd structure it got from the call to NULL, apparently for some sort
> > of security, this way overwriting the cached passwd struct for the
> 
> Bug in screen.  POSIX states:
> 
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
> 
> The application shall not modify the structure to which the return value
> points, nor any storage areas pointed to by pointers within the
> structure. The returned pointer, and pointers within the structure,
> might be invalidated or the structure or the storage areas might be
> overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().

Fixing this would be well out of my depth, but I'll gladly include any
patches to screen that fix it.

Meanwhile there's a new release of screen (4.2.1) upstream, about one year
newer than the last commit I packaged for Cygwin, so maybe this problem has
already been addressed.  I'll get the new release out ASAP so we can test.

Andrew


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]