NetBSD Problem Report #41489
From www@NetBSD.org Mon May 25 14:35:39 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id A6DEE63BAB8
for <gnats-bugs@gnats.netbsd.org>; Mon, 25 May 2009 14:35:39 +0000 (UTC)
Message-Id: <20090525143539.6D21A63B11D@www.NetBSD.org>
Date: Mon, 25 May 2009 14:35:39 +0000 (UTC)
From: ekamperi@gmail.com
Reply-To: ekamperi@gmail.com
To: gnats-bugs@NetBSD.org
Subject: setpriority(2) returns EACCES instead of EPERM
X-Send-Pr-Version: www-1.0
>Number: 41489
>Category: kern
>Synopsis: setpriority(2) returns EACCES instead of EPERM
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 25 14:40:01 +0000 2009
>Closed-Date: Mon Aug 03 20:26:03 +0000 2009
>Last-Modified: Fri Aug 14 21:20:05 +0000 2009
>Originator: Stathis Kamperis
>Release: NetBSD 5.0_STABLE
>Organization:
Aristotle University of Thessaloniki
>Environment:
NetBSD voyager 5.0_STABLE NetBSD 5.0_STABLE (GENERIC) #10: Fri May 22 17:59:56 EEST 2009 stathis@voyager:/usr/obj/sys/arch/i386/compile/GENERIC i386
>Description:
According to POSIX's description for setpriority(2):
[EPERM]
A process was located, but neither the real nor effective user ID of the executing process match the effective user ID of the process whose nice value is being changed.
OTOH, if I try to change the priority of init process I get EACCES. Mind that I don't try to increase/lower it. I just re-set it to 0.
>How-To-Repeat:
Call this and examine errno variable:
setpriority(PRIO_PROCESS, /* init */ 1, /* nice */ 0);
>Fix:
>Release-Note:
>Audit-Trail:
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Mon, 25 May 2009 19:32:52 +0000
On Mon, May 25, 2009 at 02:40:01PM +0000, ekamperi@gmail.com wrote:
> >Synopsis: setpriority(2) returns EACCES instead of EPERM
Didn't Elad just fix this? Does the fix need to be pulled up to -5?
--
David A. Holland
dholland@netbsd.org
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org,
netbsd-bugs@NetBSD.org, ekamperi@gmail.com
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Mon, 25 May 2009 22:24:42 +0200
dholland-bugs@NetBSD.org said:
> Didn't Elad just fix this? Does the fix need to be pulled up to -5?
Afaict he did not fix it but he did botch it, in kern_resource.c rev. 1.111.
(This was before the -5 branch. If it gets fixed, it should be pulled up.
It looks easy, but some care is needed to get the corner cases right.)
best regards
Matthias
-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------
From: Elad Efrat <elad@NetBSD.org>
To: M.Drochner@fz-juelich.de
Cc: gnats-bugs@NetBSD.org
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Tue, 26 May 2009 00:10:13 +0300
Matthias Drochner wrote:
> dholland-bugs@NetBSD.org said:
>> Didn't Elad just fix this? Does the fix need to be pulled up to -5?
>
> Afaict he did not fix it but he did botch it, in kern_resource.c rev. 1.111.
> (This was before the -5 branch. If it gets fixed, it should be pulled up.
> It looks easy, but some care is needed to get the corner cases right.)
How can you tell I botched it?
-e.
From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: netbsd-bugs@netbsd.org
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Tue, 26 May 2009 00:17:56 +0300
[ I'm sending this again. This is the second time that I gnats-bugs@
does not work, at least for me. ]
Matthias Drochner wrote:
> The following reply was made to PR kern/41489; it has been noted by GNATS.
>
> From: Matthias Drochner <M.Drochner@fz-juelich.de>
> To: gnats-bugs@NetBSD.org
> Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org,
> netbsd-bugs@NetBSD.org, ekamperi@gmail.com
> Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
> Date: Mon, 25 May 2009 22:24:42 +0200
>
> dholland-bugs@NetBSD.org said:
> > Didn't Elad just fix this? Does the fix need to be pulled up to -5?
>
> Afaict he did not fix it but he did botch it, in kern_resource.c rev. 1.111.
> (This was before the -5 branch. If it gets fixed, it should be pulled up.
> It looks easy, but some care is needed to get the corner cases right.)
How can you tell that I botched it?
-e.
From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, ekamperi@gmail.com
Subject: re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Tue, 26 May 2009 07:29:27 +1000
Matthias Drochner wrote:
> dholland-bugs@NetBSD.org said:
>> Didn't Elad just fix this? Does the fix need to be pulled up to -5?
>
> Afaict he did not fix it but he did botch it, in kern_resource.c rev. 1.111.
> (This was before the -5 branch. If it gets fixed, it should be pulled up.
> It looks easy, but some care is needed to get the corner cases right.)
How can you tell I botched it?
before your revision 1.111 donice() could return either EPERM or EACCESS.
.mrg.
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org,
netbsd-bugs@NetBSD.org, ekamperi@gmail.com
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Mon, 25 May 2009 23:36:26 +0200
elad@NetBSD.org said:
> How can you tell I botched it?
Sorry I usually avoid to point fingers at persons, but in this
case it was a nicely fitting reply to the question.
Your change removed a check which returned EPERM in case
the owner etc didn't match.
best regards
Matthias
-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------
From: Elad Efrat <elad@NetBSD.org>
To: M.Drochner@fz-juelich.de
Cc: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Tue, 26 May 2009 00:54:52 +0300
This is a multi-part message in MIME format.
--------------000106030105040009010300
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Matthias Drochner wrote:
> elad@NetBSD.org said:
>> How can you tell I botched it?
>
> Sorry I usually avoid to point fingers at persons, but in this
> case it was a nicely fitting reply to the question.
>
> Your change removed a check which returned EPERM in case
> the owner etc didn't match.
My bad: I was looking at the wrong part of the code (specifically the
EACCES at the bottom rather than the EPERM at the top).
Anyway, the fix here isn't so obvious; specifically, the original check
checked both the effective and the real uid ("root" is a user with
effective uid 0). Additionally, the documentation (not ours) doesn't
necessarily specify a super-user, but rather a user with the proper
privileges, which is more correct. We have to decide if we want to
maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong),
fix it (euid 0 -> no EPERM, IMHO right, can simply be a
KAUTH_GENERIC_ISSUSER for now), or do something completely different
(like make listeners return errno values and weigh them, similar to
FreeBSD, long-term goal).
The attached diff is simply restores the original checks.
-e.
--------------000106030105040009010300
Content-Type: text/plain;
name="kern_resource.c.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="kern_resource.c.diff"
Index: sys/kern/kern_resource.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/kern_resource.c,v
retrieving revision 1.151
diff -u -p -r1.151 kern_resource.c
--- sys/kern/kern_resource.c 29 Mar 2009 01:02:50 -0000 1.151
+++ sys/kern/kern_resource.c 25 May 2009 04:05:26 -0000
@@ -229,6 +229,11 @@ donice(struct lwp *l, struct proc *chgp,
KASSERT(mutex_owned(chgp->p_lock));
+ if (kauth_cred_geteuid(cred) && kauth_cred_getuid(cred) &&
+ kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp->p_cred) &&
+ kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp->p_cred))
+ return (EPERM);
+
if (n > PRIO_MAX)
n = PRIO_MAX;
if (n < PRIO_MIN)
--------------000106030105040009010300--
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, ekamperi@gmail.com
Cc:
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Mon, 25 May 2009 18:38:09 -0400
On May 25, 10:25pm, elad@NetBSD.org (Elad Efrat) wrote:
-- Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
| My bad: I was looking at the wrong part of the code (specifically the
| EACCES at the bottom rather than the EPERM at the top).
|
| Anyway, the fix here isn't so obvious; specifically, the original check
| checked both the effective and the real uid ("root" is a user with
| effective uid 0). Additionally, the documentation (not ours) doesn't
| necessarily specify a super-user, but rather a user with the proper
| privileges, which is more correct. We have to decide if we want to
| maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong),
| fix it (euid 0 -> no EPERM, IMHO right, can simply be a
| KAUTH_GENERIC_ISSUSER for now), or do something completely different
| (like make listeners return errno values and weigh them, similar to
| FreeBSD, long-term goal).
|
| The attached diff is simply restores the original checks.
|
| -e.
Can't this be abstracted to a KAUTH_CHANGE_RESOURCE call or at least
we should cache the uid and gid variables.
christos
From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Tue, 26 May 2009 02:26:50 +0300
Christos Zoulas wrote:
> The following reply was made to PR kern/41489; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
> gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, ekamperi@gmail.com
> Cc:
> Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
> Date: Mon, 25 May 2009 18:38:09 -0400
>
> On May 25, 10:25pm, elad@NetBSD.org (Elad Efrat) wrote:
> -- Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
>
> | My bad: I was looking at the wrong part of the code (specifically the
> | EACCES at the bottom rather than the EPERM at the top).
> |
> | Anyway, the fix here isn't so obvious; specifically, the original check
> | checked both the effective and the real uid ("root" is a user with
> | effective uid 0). Additionally, the documentation (not ours) doesn't
> | necessarily specify a super-user, but rather a user with the proper
> | privileges, which is more correct. We have to decide if we want to
> | maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong),
> | fix it (euid 0 -> no EPERM, IMHO right, can simply be a
> | KAUTH_GENERIC_ISSUSER for now), or do something completely different
> | (like make listeners return errno values and weigh them, similar to
> | FreeBSD, long-term goal).
> |
> | The attached diff is simply restores the original checks.
> |
> | -e.
>
> Can't this be abstracted to a KAUTH_CHANGE_RESOURCE call or at least
> we should cache the uid and gid variables.
It can and it will be, only that IIUC we want something that can be
easily pulled up to netbsd-5.
The issue here is a bit bigger than just this. When I did the suser
secmodel, I made a mistake and moved some logic into it from the kernel,
namely uid matching. Now that I think of it, we should have that logic
as a "default" routine in the kernel relevant to the subsystem, and the
suser secmodel should only check if the user is root or not (similar to
how securelevel only checks the securelevel). This touches other aspects
that I'd like to revisit as well; an rlimit interface (rather than open
coded checks), for example.
Fixing it, presuming we go with what I suggest (which applies to other
parts of the code) will require a bit more changes than just introducing
an action/request, and I'd like to have them properly brought up for
review rather than decided in a PR's audit trail...
What I suggest for now is going forward with putting back the original
test to fix the issue in HEAD and netbsd-5, and I (or anyone, for that
matter) will take a look at a better solution when I (they) get the
time. On the other hand, since code can be changed, I will obviously
not object to any other solution. :)
-e.
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, ekamperi@gmail.com
Cc:
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Mon, 25 May 2009 19:37:41 -0400
On May 25, 11:30pm, elad@NetBSD.org (Elad Efrat) wrote:
-- Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
| The following reply was made to PR kern/41489; it has been noted by GNATS.
|
| From: Elad Efrat <elad@NetBSD.org>
| To: gnats-bugs@NetBSD.org
| Cc:
| Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
| Date: Tue, 26 May 2009 02:26:50 +0300
|
| Christos Zoulas wrote:
| > The following reply was made to PR kern/41489; it has been noted by GNATS.
| >
| > From: christos@zoulas.com (Christos Zoulas)
| > To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
| > gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, ekamperi@gmail.com
| > Cc:
| > Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
| > Date: Mon, 25 May 2009 18:38:09 -0400
| >
| > On May 25, 10:25pm, elad@NetBSD.org (Elad Efrat) wrote:
| > -- Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
| >
| > | My bad: I was looking at the wrong part of the code (specifically the
| > | EACCES at the bottom rather than the EPERM at the top).
| > |
| > | Anyway, the fix here isn't so obvious; specifically, the original check
| > | checked both the effective and the real uid ("root" is a user with
| > | effective uid 0). Additionally, the documentation (not ours) doesn't
| > | necessarily specify a super-user, but rather a user with the proper
| > | privileges, which is more correct. We have to decide if we want to
| > | maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong),
| > | fix it (euid 0 -> no EPERM, IMHO right, can simply be a
| > | KAUTH_GENERIC_ISSUSER for now), or do something completely different
| > | (like make listeners return errno values and weigh them, similar to
| > | FreeBSD, long-term goal).
| > |
| > | The attached diff is simply restores the original checks.
| > |
| > | -e.
| >
| > Can't this be abstracted to a KAUTH_CHANGE_RESOURCE call or at least
| > we should cache the uid and gid variables.
|
| It can and it will be, only that IIUC we want something that can be
| easily pulled up to netbsd-5.
|
| The issue here is a bit bigger than just this. When I did the suser
| secmodel, I made a mistake and moved some logic into it from the kernel,
| namely uid matching. Now that I think of it, we should have that logic
| as a "default" routine in the kernel relevant to the subsystem, and the
| suser secmodel should only check if the user is root or not (similar to
| how securelevel only checks the securelevel). This touches other aspects
| that I'd like to revisit as well; an rlimit interface (rather than open
| coded checks), for example.
|
| Fixing it, presuming we go with what I suggest (which applies to other
| parts of the code) will require a bit more changes than just introducing
| an action/request, and I'd like to have them properly brought up for
| review rather than decided in a PR's audit trail...
|
| What I suggest for now is going forward with putting back the original
| test to fix the issue in HEAD and netbsd-5, and I (or anyone, for that
| matter) will take a look at a better solution when I (they) get the
| time. On the other hand, since code can be changed, I will obviously
| not object to any other solution. :)
Sounds good to me...
christos
From: Elad Efrat <elad@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41489 CVS commit: src/sys/kern
Date: Tue, 26 May 2009 06:57:38 +0000
Module Name: src
Committed By: elad
Date: Tue May 26 06:57:38 UTC 2009
Modified Files:
src/sys/kern: kern_resource.c
Log Message:
PR/41489: Stathis Kamperis: etpriority(2) returns EACCES instead of EPERM
Per discussion on the PR's audit trail, put back original checks for now.
To generate a diff of this commit:
cvs rdiff -u -r1.151 -r1.152 src/sys/kern/kern_resource.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dsl@NetBSD.org
State-Changed-When: Mon, 03 Aug 2009 20:26:03 +0000
State-Changed-Why:
Change reverted on head, I've requested a pullup for 5
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41489 CVS commit: [netbsd-5] src/sys/kern
Date: Fri, 14 Aug 2009 21:15:16 +0000
Module Name: src
Committed By: snj
Date: Fri Aug 14 21:15:16 UTC 2009
Modified Files:
src/sys/kern [netbsd-5]: kern_resource.c
Log Message:
Pull up following revision(s) (requested by dsl in ticket #893):
sys/kern/kern_resource.c: revision 1.152
PR/41489: Stathis Kamperis: setpriority(2) returns EACCES instead of EPERM
Per discussion on the PR's audit trail, put back original checks for now.
To generate a diff of this commit:
cvs rdiff -u -r1.147.4.1 -r1.147.4.2 src/sys/kern/kern_resource.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41489 CVS commit: [netbsd-5-0] src/sys/kern
Date: Fri, 14 Aug 2009 21:16:14 +0000
Module Name: src
Committed By: snj
Date: Fri Aug 14 21:16:14 UTC 2009
Modified Files:
src/sys/kern [netbsd-5-0]: kern_resource.c
Log Message:
Pull up following revision(s) (requested by dsl in ticket #893):
sys/kern/kern_resource.c: revision 1.152
PR/41489: Stathis Kamperis: setpriority(2) returns EACCES instead of EPERM
Per discussion on the PR's audit trail, put back original checks for now.
To generate a diff of this commit:
cvs rdiff -u -r1.147.4.1 -r1.147.4.1.2.1 src/sys/kern/kern_resource.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.