[Bug libc/2296] New: semval could become negative

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug libc/2296] New: semval could become negative

Martin.Jansa at gmail dot com
Reading throug the semaphore manpages semget, semctl and semop I realized that
eigther the documentation is incorrect or there is a security risk.

It is possible for semval to become negative in the following way:
A semaphore is created by process #1 and initialized to 0.
Process #1 releases the semaphore and sets it to 1 using SEM_UNDO.
Process #2 attatches to the semaphore and locks it setting it to 0.
Process #1 gets killed and semval should be set to -1!

In the documentation is stated that semval is a positive integer. So it can not
become -1. But according to this scheme it should be able to.

What is the behavier of the semaphore in this sequence of events?

--
           Summary: semval could become negative
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: cees at gatso dot nl
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=2296

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Reply | Threaded
Open this post in threaded view
|

[Bug libc/2296] semval could become negative

Martin.Jansa at gmail dot com

------- Additional Comments From decimal at us dot ibm dot com  2006-02-08 15:23 -------
The System V IPC operations are not implemented by glibc.
Taking semget() as an example.
sysdeps/unix/sysv/linux/semget.c simply makes a Linux system call.
sysvipc/semget.c returns ENOSYS for systems using glibc which provide no other
implementation.
Similarly the manual pages for these operations are not owned by glibc.
You should pursue this issue with your distro or LKML I imagine.

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=2296

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.