Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime: LockOSThread locked thread cloned and state inherited #29613

Closed
parsley42 opened this issue Jan 8, 2019 · 2 comments

Comments

Projects
None yet
2 participants
@parsley42
Copy link

commented Jan 8, 2019

What version of Go are you using (go version)?

$ go version
go version go1.11.4 linux/amd64

Does this issue reproduce with the latest release?

1.11.4 is currently the latest release

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/parse/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/parse/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build285473962=/tmp/go-build -gno-record-gcc-switches"

What did you do?

This behavior was noted as part of much larger program that runs as a setuid (non-root) binary so can't be reproduced on play.golang.org. The program makes heavy use of runtime.LockOSThread and syscall.SYS_SETRESUID to drop privileges by setting r=e=suid=(original ruid). However, I'm getting occasional failures in calls that explicitly set raised privileges:
Error: Privileged setresuid(1) call failed for 'incoming message': 1; thread 1459 r/e/suid: 56486/56486/56486
This shows that thread 1459 was cloned from a fully drop-privileged thread.

What did you expect to see?

New worker threads not being cloned from threads locked with LockOSThread

What did you see instead?

Threads cloned from LockOSThread altered-threads that carried over state, in this case irrevocably dropped privileges

@ianlancetaylor

This comment has been minimized.

Copy link
Contributor

commented Jan 8, 2019

Thanks. This is almost certainly #28979 which will be fixed in the upcoming 1.11.5 and 1.12 releases.

@parsley42

This comment has been minimized.

Copy link
Author

commented Jan 8, 2019

Indeed, that's it. I'll re-check w/ 1.11.5, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.