Re: PROBLEM: setgroups(2) does not update all threads in a process

[AmÃrico Wang]

On Fri, Oct 01, 2010 at 11:11:31PM -0400, Mark Heily wrote:
>
>The setgroups(2) system call does not update the credentials for all
>threads in a process. Instead, it only updates the credentials for
>the currently executing thread. Any threads that were created before
>setgroups() was called are not affected.
>
>This is not the expected behavior according to the manpage, which states:
>
>    "setgroups()  sets  the supplementary group IDs for the calling process."
>
>See below for a small test case that demonstrates the problem. This
>program runs successfully on FreeBSD 8 and Solaris 10, but fails on
>Linux 2.6.32.

I got the following from credentials(7):

       The POSIX threads specification requires that credentials are shared by all of
       the threads in a process.  However, at the kernel level, Linux maintains
       separate user and group credentials for each thread.  The NPTL threading
       implementation does some work to ensure that any change to user or group
       credentials (e.g., calls to setuid(2), setresuid(2), etc.)  is carried through
       to all of the POSIX threads in a process.

Hope it helps.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/