This is the mail archive of the libc-alpha@sourceware.cygnus.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [Bug, 2.1.3] getlogin() can call alarm() but shouldn't.


Ouch, I knew this was going to bite me sooner or later.

The problem is that we need to do locking on the user accounting
database to make sure that two programs are prevented from modifying
its contents at the same time.  However, since every user can hold a
read lock on it, we need to beak the lock after a certain amount of
time if we cannot get it to prevent all sorts of denial of service
attacks (i.e. by holding a read lock a malicious user could prevent
other people from logging in to the system).  There is no other way to
interrupt the a program blocking in fcntl (..., F_SETLKW, ...), other
than by a signal, and I believe SIGALRM is the only option.

I'd love to see a different solution to this problem, but I haven't
found one.  Unfortunately the POSIX realtime extensions aren't
implemented yet on Linux.

Using getitimer()/setitimer() is probably the best I can do for now.
I'll look into it, but can't promise to resolve this in short term.

Mark

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]