From owner-freebsd-hackers@freebsd.org  Sun Jan 17 08:05:24 2016
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D8CBA6A172
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Sun, 17 Jan 2016 08:05:24 +0000 (UTC)
 (envelope-from dchagin@chd.heemeyer.club)
Received: from heemeyer.club (heemeyer.club [108.61.204.158])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "heemeyer.club", Issuer "heemeyer.club" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1663718D9
 for <freebsd-hackers@freebsd.org>; Sun, 17 Jan 2016 08:05:23 +0000 (UTC)
 (envelope-from dchagin@chd.heemeyer.club)
Received: from chd.heemeyer.club (dchagin.static.corbina.ru [78.107.232.239])
 by heemeyer.club (8.15.2/8.15.1) with ESMTPS id u0H85IPK016537
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Sun, 17 Jan 2016 08:05:20 GMT
 (envelope-from dchagin@chd.heemeyer.club)
X-Authentication-Warning: heemeyer.club: Host dchagin.static.corbina.ru
 [78.107.232.239] claimed to be chd.heemeyer.club
Received: from chd.heemeyer.club (localhost [127.0.0.1])
 by chd.heemeyer.club (8.15.2/8.15.1) with ESMTPS id u0H85GvA032971
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Sun, 17 Jan 2016 11:05:16 +0300 (MSK)
 (envelope-from dchagin@chd.heemeyer.club)
Received: (from dchagin@localhost)
 by chd.heemeyer.club (8.15.2/8.15.1/Submit) id u0H85Fpi032970;
 Sun, 17 Jan 2016 11:05:15 +0300 (MSK) (envelope-from dchagin)
Date: Sun, 17 Jan 2016 11:05:15 +0300
From: Chagin Dmitry <dchagin@freebsd.org>
To: Konstantin Belousov <kib@kib.kiev.ua>
Cc: Mateusz Guzik <mjguzik@gmail.com>, Vijay Singh <vijju.singh@gmail.com>,
 freebsd-hackers@freebsd.org
Subject: Re: irrelevant locking
Message-ID: <20160117080515.GA32432@chd.heemeyer.club>
References: <20160116195819.GA41610@chd.heemeyer.club>
 <20160116202643.GL3942@kib.kiev.ua>
 <CALCNsJT_gH5gJaB+yVQRcON84JntSUevG8-X-0Z5_13DkPC+Bg@mail.gmail.com>
 <20160116224312.GA1963@dft-labs.eu>
 <20160117034315.GN3942@kib.kiev.ua>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160117034315.GN3942@kib.kiev.ua>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jan 2016 08:05:24 -0000

On Sun, Jan 17, 2016 at 05:43:15AM +0200, Konstantin Belousov wrote:
> On Sat, Jan 16, 2016 at 11:43:13PM +0100, Mateusz Guzik wrote:
> > On Sat, Jan 16, 2016 at 02:08:58PM -0800, Vijay Singh wrote:
> > > Couldn't the get & set race otherwise?
> > 
> > Current locking plays no role in correctness here.
> > 
> > Say that locking is left in place. A concurrent setgroups (or whatever)
> > call resulting in setting P_SUGID is also being executed. Regardless of
> > whether PROC_LOCK/PROC_UNLOCK pair is in place, it can set the bit
> > before or after it is being tested by sys_issetugid.
> > 
> > In principle, the very moment you drop a lock, your informatoin is
> > stale.
> Right, this is the reason why the locking is useless.

Thank you, guys, for your response.

> 
> > 
> > This does not matter here. It's only the process itself which can set
> > the bit, so it would have to race with itself.
> One thread in the process executing issetugid() can race with another
> executing setsugid().  It is legitimate.
> 
> > 
> > Finally, the bit can be only unset during execve, which cannot be
> > executed here - if it is being executed, there is only one thread doing
> > work and, well, it is doing execve.
> > 
> > The real question is if it would make sense to add the bit to elf aux
> > vector to save the call as done by the loader.
> I once did a pass to remove (most of) sysctls executed during process
> startup.  issetugid indeed may be treated same.

like a Linux AT_SECURE? our P_SUGID bit can be changed after exec,
so the result of issetugid() implementated on auxv table will be unnafected
by calls to setuid(), setgid() or other such calls.