From simon@comsys.ntu-kpi.kiev.ua  Wed Sep  7 12:06:45 2005
Return-Path: <simon@comsys.ntu-kpi.kiev.ua>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B0CC716A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Sep 2005 12:06:45 +0000 (GMT)
	(envelope-from simon@comsys.ntu-kpi.kiev.ua)
Received: from comsys.ntu-kpi.kiev.ua (comsys.ntu-kpi.kiev.ua [195.245.194.142])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF52C43D45
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Sep 2005 12:06:40 +0000 (GMT)
	(envelope-from simon@comsys.ntu-kpi.kiev.ua)
Received: from pm514-9.comsys.ntu-kpi.kiev.ua (pm514-9.comsys.ntu-kpi.kiev.ua [10.18.54.109])
	(authenticated bits=0)
	by comsys.ntu-kpi.kiev.ua (8.12.10/8.12.10) with ESMTP id j87CEP82060587
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 7 Sep 2005 15:14:26 +0300 (EEST)
Received: by pm514-9.comsys.ntu-kpi.kiev.ua (Postfix, from userid 1000)
	id 745642FA; Wed,  7 Sep 2005 15:04:05 +0300 (EEST)
Message-Id: <20050907120405.GB295@pm514-9.comsys.ntu-kpi.kiev.ua>
Date: Wed, 7 Sep 2005 15:04:05 +0300
From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [patch] pam_exec incorrectly works with vfork()

>Number:         85830
>Category:       bin
>Synopsis:       [patch] pam_exec incorrectly works with vfork()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 07 12:10:07 GMT 2005
>Closed-Date:    Fri Sep 28 07:34:07 GMT 2007
>Last-Modified:  Fri Sep 28 07:34:07 GMT 2007
>Originator:     Andrey Simonenko
>Release:        FreeBSD 5.4
>Organization:
>Environment:
>Description:

pam_exec PAM module incorrectly works with vfork() system call.
It uses childerr variable to report from a vfork'ed child to a
parent if execve() in a child failed.  There is not guaranty that
a parent will see childerr exactly the same as it was set by its
child, because compiler can optimize the code.

At first time, I decided simply to declare childpid variable as
volatile (and this works), but having read some discussions, I
moved vfork-execve sequence to separate function vfork_execve()
and automatic variable childerr became global volatile variable.

>How-To-Repeat:
>Fix:
diff -ruN pam_exec.orig/pam_exec.c pam_exec/pam_exec.c
--- pam_exec.orig/pam_exec.c	Tue Sep  6 23:28:39 2005
+++ pam_exec/pam_exec.c	Tue Sep  6 23:58:59 2005
@@ -47,11 +47,26 @@
 #include <security/pam_modules.h>
 #include <security/openpam.h>
 
+static volatile int childerr;
+
+static pid_t
+vfork_execve(const char *prog, char *const argv[], char *const envlist[])
+{
+	pid_t pid;
+
+	if ((pid = vfork()) == 0) {
+		execve(prog, argv, envlist);
+		childerr = errno;
+		_exit(1);
+	}
+	return (pid);
+}
+
 static int
 _pam_exec(pam_handle_t *pamh __unused, int flags __unused,
     int argc, const char *argv[])
 {
-	int childerr, status;
+	int status;
 	char **env, **envlist;
 	pid_t pid;
 
@@ -64,11 +79,7 @@
 	 */
 	envlist = pam_getenvlist(pamh);
 	childerr = 0;
-	if ((pid = vfork()) == 0) {
-		execve(argv[0], argv, envlist);
-		childerr = errno;
-		_exit(1);
-	}
+	pid = vfork_execve(argv[0], (char *const *)argv, envlist);
 	for (env = envlist; *env != NULL; ++env)
 		free(*env);
 	free(envlist);
@@ -81,7 +92,7 @@
 		return (PAM_SYSTEM_ERR);
 	}
 	if (childerr != 0) {
-		openpam_log(PAM_LOG_ERROR, "execv(): %m");
+		openpam_log(PAM_LOG_ERROR, "execve(): %m");
 		return (PAM_SYSTEM_ERR);
 	}
 	if (WIFSIGNALED(status)) {
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Wed Sep 7 14:06:18 GMT 2005 
Responsible-Changed-Why:  
Assign to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85830 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/85830: commit references a PR
Date: Fri, 10 Nov 2006 23:33:41 +0000 (UTC)

 des         2006-11-10 23:33:25 UTC
 
   FreeBSD src repository
 
   Modified files:
     lib/libpam/modules/pam_exec pam_exec.c 
   Log:
   childerr needs to be volatile so gcc won't optimize it away.
   
   PR:             bin/85830
   MFC after:      1 week
   
   Revision  Changes    Path
   1.6       +2 -1      src/lib/libpam/modules/pam_exec/pam_exec.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: des 
State-Changed-When: Fri Nov 10 23:44:14 UTC 2006 
State-Changed-Why:  
Fixed in -CURRENT, awaiting MFC 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85830 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/85830: commit references a PR
Date: Fri, 28 Sep 2007 07:04:43 +0000 (UTC)

 des         2007-09-28 07:04:36 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     lib/libpam/modules/pam_exec pam_exec.c 
   Log:
   MFC: (1.6) childerr needs to be volatile.
   
   PR:             bin/85830
   
   Revision  Changes    Path
   1.4.2.2   +2 -1      src/lib/libpam/modules/pam_exec/pam_exec.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: des 
State-Changed-When: Fri Sep 28 07:34:05 UTC 2007 
State-Changed-Why:  
Belatedly MFCed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85830 
>Unformatted:
