syscall: exec_linux.go not using cross architecture safe SYS_SETGROUPS #17092
Comments
ianlancetaylor
changed the title
|
CC @LK4D4 |
|
@ianlancetaylor This code was there before me :/ Looks pretty bad and I don't about policy in |
|
@LK4D4 Oh, sorry, I just assumed it was your code. The child process in |
|
Just to be sure, here is function for arm: |
quentinmit
added
the
NeedsFix
|
CL https://golang.org/cl/31458 mentions this issue. |
|
I went over the patch at https://golang.org/cl/31458 |
|
CL https://golang.org/cl/33011 mentions this issue. |
What version of Go are you using (
go version)?go 1.7.1
What operating system and processor architecture are you using (
go env)?GOOS=linux
GOARCH=arm
What did you do?
groups = []uint32{20, 21, 22}
cmd.SysProcAttr.Credential = &syscall.Credential{Groups: groups}
cmd.Run()
Run strace on the process:
strace -e trace=setgroups -e trace=setgroups32 -f {executable}
What did you expect to see?
setgroups32(3, [20, 21, 22])
What did you see instead?
setgroups(3, [20, 0, 21])
Source of problem and possible fix
It appears that syscall/linux_exec.go line 217, the RawSyscall is using SYS_SETGROUPS which on linux/arm is the 16bit GID system call. Since golang always uses 32bit GIDs, this fails. I switched this statement to SYS_SETGROUPS32, and it worked fine on my linux/arm system.
Perhaps this RawSyscall should be replaced with syscall.setgroups so that the correct architecture dependent system call is used.
Please note that this is also true for the SYS_SETUID and SYS_SETGID syscalls just below this line as well. Those statements will operate correctly, unless a UID or GID >= 2^16 is used. In which case it will truncate the integer and use the wrong ID instead of giving an error. However, I do not see an architecture dependent function already implemented to replace those.
The text was updated successfully, but these errors were encountered: