Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-07-03 Thread Niko Tyni
On Sun, Jun 29, 2025 at 11:14:56AM +0300, Niko Tyni wrote:

> There were some updates to the fix later, so I'm picking those from the
> maint-5.40 branch as well. I'll try to get this in Debian trixie (the
> upcoming, currently frozen release) first, and look at updating 5.36
> in bookworm (the current stable release) later.

For the record, a proposed bookworm update for this is currently discussed
separately in #1108684.
-- 
Niko Tyni



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-06-29 Thread Niko Tyni
On Thu, May 29, 2025 at 06:41:42AM +0200, Aristotle Pagaltzis wrote:
> * Niko Tyni  [2025-05-17 08:27]:
> > There's a preliminary patch upstream at
> >   https://github.com/Perl/perl5/pull/23019
> >
> > but it looks like it's not going to be in 5.42. I'm certainly not
> > going to backport it before it's ready.
> 
> it will be. It’s just been merged and released as part of 5.41.13.
> 
> You can use 918bfff86ca8d6d4e4ec5b30994451e0bd74aba9 to backport the
> fix to any older perl releases. Point releases for the currently
> supported perls should be coming from our side soon, as well.

Thanks Aristotle, and sorry for the delay in responding.

There were some updates to the fix later, so I'm picking those from the
maint-5.40 branch as well. I'll try to get this in Debian trixie (the
upcoming, currently frozen release) first, and look at updating 5.36
in bookworm (the current stable release) later.
-- 
Niko



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-06-29 Thread Niko Tyni
(dropped Aristotle who's probably not interested in the Debian specifics
here)

On Sun, Jun 29, 2025 at 11:15:00AM +0300, Niko Tyni wrote:

> There were some updates to the fix later, so I'm picking those from the
> maint-5.40 branch as well. I'll try to get this in Debian trixie (the
> upcoming, currently frozen release) first, and look at updating 5.36
> in bookworm (the current stable release) later.

Due to the trixie freeze, I'm uploading to experimental first.
Hopefully we'll see the debci results etc. before requesting
pre-approval for trixie.
-- 
Niko



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-05-28 Thread Aristotle Pagaltzis
Hi Niko,

* Niko Tyni  [2025-05-17 08:27]:
> There's a preliminary patch upstream at
>   https://github.com/Perl/perl5/pull/23019
>
> but it looks like it's not going to be in 5.42. I'm certainly not
> going to backport it before it's ready.

it will be. It’s just been merged and released as part of 5.41.13.

You can use 918bfff86ca8d6d4e4ec5b30994451e0bd74aba9 to backport the
fix to any older perl releases. Point releases for the currently
supported perls should be coming from our side soon, as well.

Regards,
-- 
Aristotle Pagaltzis



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-05-23 Thread Vincent Lefevre
On 2025-05-17 11:26:54 +0300, Niko Tyni wrote:
> It doesn't look like upstream is treating this as a serious security
> issue, so I'm lowering the severity. Please discuss the security concerns
> upstream if you want this to change.

FYI, I've sent a message to the oss-security list:

  https://www.openwall.com/lists/oss-security/2025/05/22/2

-- 
Vincent Lefèvre
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-05-18 Thread Vincent Lefevre
On 2025-05-17 11:26:54 +0300, Niko Tyni wrote:
> It doesn't look like upstream is treating this as a serious security
> issue, so I'm lowering the severity. Please discuss the security concerns
> upstream if you want this to change.

I think that upstream is just currently trying to fix the bug, not
discussing security.

Note that in the case where the directory opened by opendir is
writable by some attacker (e.g. it could be /tmp), the attacker
can provide incorrect data to the script. This could potentially
be data that could be executed by the script.

-- 
Vincent Lefèvre
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-05-17 Thread Niko Tyni
Control: severity -1 normal

On Tue, Feb 18, 2025 at 05:01:55PM +0100, Vincent Lefevre wrote:

> Control: forwarded -1 https://github.com/Perl/perl5/issues/23010
> 
> This is a bug visible in the perl code, so I've just reported the bug
> upstream.
 
Thanks.

> (Not sure about the severity, but this can yield incorrect file
> operations in the involved directory, which may be very problematic
> if this directory is untrusted.)

There's a preliminary patch upstream at
  https://github.com/Perl/perl5/pull/23019

but it looks like it's not going to be in 5.42. I'm certainly not going
to backport it before it's ready.

It doesn't look like upstream is treating this as a serious security
issue, so I'm lowering the severity. Please discuss the security concerns
upstream if you want this to change.

-- 
Niko Tyni



Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads

2025-02-18 Thread Vincent Lefevre
Control: reassign -1 perl 5.40.1-2
Control: retitle -1 perl: thread creation while a directory handle is open does a fchdir, affecting other threads (race condition)
Control: tags -1 security upstream
Control: severity -1 grave
Control: forwarded -1 https://github.com/Perl/perl5/issues/23010

This is a bug visible in the perl code, so I've just reported the bug
upstream.

(Not sure about the severity, but this can yield incorrect file
operations in the involved directory, which may be very problematic
if this directory is untrusted.)

On 2025-02-18 14:26:54 +0100, Vincent Lefevre wrote:
> Hmm... There's a fchdir in the strace output. If the current directory
> is global to the process, this could be an issue. I now really suspect
> a bug in perl.

Yes, thread creation does a chdir when a directory handle is open.
As the current working directory is global to the process, this
can affect other threads, if they do file operations with relative
pathnames. Even though the current working directory is set back
to the old value, this is a race condition, which can affect real
scripts (this is how I identified this bug).

-- 
Vincent Lefèvre
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
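
The mechanism described in the message above, as an added C example that is not part of the thread and is not Perl's code: a helper thread's `fchdir` (standing in for the one done during thread creation) redirects a relative open in the main thread, while `openat` on a directory fd opened beforehand is unaffected. The directories under /tmp, the `data` file and all function names are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Stands in for the temporary fchdir() described in the report. */
static void *switch_cwd(void *dirfd) {
    if (fchdir(*(int *)dirfd) != 0) perror("fchdir");
    return NULL;
}

/* Create a temp dir holding a one-byte file "data"; return an fd for the dir. */
static int make_dir(char *tmpl, char marker) {
    int dir = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    int fd = dir < 0 ? -1 : openat(dir, "data", O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, &marker, 1) != 1) return -1;
    close(fd);
    return dir;
}

/* First byte of "data" resolved against dirfd (AT_FDCWD means the cwd). */
static char read_marker(int dirfd) {
    char c = '?';
    int fd = openat(dirfd, "data", O_RDONLY);
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = '?'; close(fd); }
    return c;
}

/* Returns two bytes: the cwd-relative result, then the pinned-fd result. */
const char *run_demo(void) {
    static char seen[3] = "??";
    char work[] = "/tmp/cwd-work-XXXXXX", other[] = "/tmp/cwd-other-XXXXXX";
    int saved = open(".", O_RDONLY | O_DIRECTORY);
    int work_fd = make_dir(work, 'W'), other_fd = make_dir(other, 'O');
    pthread_t t;
    if (saved < 0 || work_fd < 0 || other_fd < 0 || fchdir(work_fd) != 0) return seen;
    if (pthread_create(&t, NULL, switch_cwd, &other_fd) != 0) return seen;
    pthread_join(t, NULL);            /* the helper has now changed the cwd */
    seen[0] = read_marker(AT_FDCWD);  /* relative path: follows the helper thread */
    seen[1] = read_marker(work_fd);   /* openat on the pinned fd: unaffected */
    if (fchdir(saved) != 0) perror("fchdir");
    unlinkat(work_fd, "data", 0); unlinkat(other_fd, "data", 0); rmdir(work); rmdir(other);
    close(saved); close(work_fd); close(other_fd);
    return seen;
}

int main(void) { puts(run_demo()); return 0; }
```

Build with `cc -pthread`. The join makes the outcome deterministic; in the reported bug the same window is open only briefly, which is why it shows up as a race.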