syscall: exec_linux.go not using cross architecture safe SYS_SETGROUPS #17092
Comments
CC @LK4D4
@ianlancetaylor This code was there before me :/ Looks pretty bad and I don't about policy in
@LK4D4 Oh, sorry, I just assumed it was your code. The child process in
Just to be sure, here is function for arm:
CL https://golang.org/cl/31458 mentions this issue.
I went over the patch at https://golang.org/cl/31458
CL https://golang.org/cl/33011 mentions this issue.
What version of Go are you using (go version)?
go 1.7.1
What operating system and processor architecture are you using (go env)?
GOOS=linux
GOARCH=arm
What did you do?
groups = []uint32{20, 21, 22}
cmd.SysProcAttr.Credential = &syscall.Credential{Groups: groups}
cmd.Run()
Run strace on the process:
strace -e trace=setgroups -e trace=setgroups32 -f {executable}
What did you expect to see?
setgroups32(3, [20, 21, 22])
What did you see instead?
setgroups(3, [20, 0, 21])
Source of problem and possible fix
It appears that syscall/linux_exec.go line 217, the RawSyscall is using SYS_SETGROUPS which on linux/arm is the 16bit GID system call. Since golang always uses 32bit GIDs, this fails. I switched this statement to SYS_SETGROUPS32, and it worked fine on my linux/arm system.
Perhaps this RawSyscall should be replaced with syscall.setgroups so that the correct architecture dependent system call is used.
Please note that this is also true for the SYS_SETUID and SYS_SETGID syscalls just below this line as well. Those statements will operate correctly, unless a UID or GID >= 2^16 is used. In which case it will truncate the integer and use the wrong ID instead of giving an error. However, I do not see an architecture dependent function already implemented to replace those.
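The mismatch reported above can be reproduced offline without touching real credentials. This is an added example, not code from the issue or from the Go tree: `legacyView` and `truncated16` are hypothetical helpers that model a 16-bit syscall reading 32-bit IDs, assuming little-endian byte order, and the sample UIDs are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// legacyView models how a 16-bit setgroups(2) reads a buffer that the
// caller filled with 32-bit GIDs: it consumes len(gids) consecutive
// uint16 values from the start of the buffer.
// Assumption: little-endian byte order.
func legacyView(gids []uint32) []uint16 {
	buf := make([]byte, 4*len(gids))
	for i, g := range gids {
		binary.LittleEndian.PutUint32(buf[4*i:], g)
	}
	out := make([]uint16, len(gids))
	for i := range out {
		out[i] = binary.LittleEndian.Uint16(buf[2*i:])
	}
	return out
}

// truncated16 returns the ID a 16-bit setuid/setgid call would act on,
// and whether it differs from the ID the caller requested.
func truncated16(id uint32) (uint16, bool) {
	low := uint16(id)
	return low, uint32(low) != id
}

func main() {
	// Same group list as in the report.
	fmt.Println(legacyView([]uint32{20, 21, 22}))

	// Constructed sample IDs: one that fits in 16 bits, one that does not.
	for _, id := range []uint32{1000, 65536 + 1000} {
		low, changed := truncated16(id)
		fmt.Printf("requested %d -> applied %d (changed=%v)\n", id, low, changed)
	}
}
```

A caller that cannot rule out the 16-bit syscall can use a check like `truncated16` to reject IDs that would silently change, instead of running the child under a different identity.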