[Bug 214540] pam_exec isn't multithreading save

Tue Nov 15 17:01:37 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214540

            Bug ID: 214540
           Summary: pam_exec isn't multithreading save
           Product: Base System
           Version: 11.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: threads
          Assignee: freebsd-threads at FreeBSD.org
          Reporter: crest at bultmann.eu

The pam_exec module uses vfork()+execve() and waitpid() to spawn a child
process and wait for its completion. This is a race condition in a
multithreaded process using PAM. An other thread could reap the process forked
by pam_exec in which case waitpid() would either fail because there is no valid
pid to wait for or wait for the wrong process if it happens to reuse the pid.
The correct solution would be to use pdfork() and wait with kevent() on the
(EVFILT_PROCDESC, process descriptor) event.

-- 
You are receiving this mail because:
You are the assignee for the bug.