getgrouplist(3) is not thread-safe
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glibc (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Hello glibc people!
While investigating some threading-related problem in a third-party program, I discovered that this program calls getgrouplist(3) from multiple threads, assuming that this is thread-safe. Indeed, the the man page claims that it is:
│Interface │ Attribute │ Value │
However, consider the stack traces below.
[Switching to Thread 0x7f691c5ff700 (LWP 30714)]
Thread 353 "mount.quobyte" hit Breakpoint 10, 0x00007f694e7eb3c0 in _nss_extrausers
(gdb) bt
#0 0x00007f694e7eb3c0 in _nss_extrausers
#1 0x00007f695c72750a in ?? () from /lib/x86_
#2 0x00007f695c72793e in ?? () from /lib/x86_
#3 0x00007f695c727ab1 in getgrouplist () from /lib/x86_
[ remaining frames are from the third-party program - omitted ]
(gdb) c
Continuing.
[Switching to Thread 0x7f68971ff700 (LWP 30934)]
Thread 375 "mount.quobyte" hit Breakpoint 12, 0x00007f694e7eb460 in _nss_extrausers
(gdb) bt
#0 0x00007f694e7eb460 in _nss_extrausers
#1 0x00007f695c7275ad in ?? () from /lib/x86_
#2 0x00007f695c72793e in ?? () from /lib/x86_
#3 0x00007f695c727ab1 in getgrouplist () from /lib/x86_
[ remaining frames are from the third-party program - omitted ]
getgrouplist calls _nss_*_setgrent() and _nss_*_
For example, this is from libnss-extrausers, showing the thead-unsafe function signature and the global variable groupsfile it uses. This signature is forced on it from NSS.
enum nss_status _nss_extrausers
enum nss_status status = NSS_STATUS_SUCCESS;
if (groupsfile == NULL) {
if (groupsfile == NULL)
} else {
}
return status;
}
I looked at glibc/grp/
ii libc-bin 2.27-3ubuntu1.4 amd64 GNU C Library: Binaries
ii libc-dev-bin 2.27-3ubuntu1.4 amd64 GNU C Library: Development binaries
ii libc6:amd64 2.27-3ubuntu1.4 amd64 GNU C Library: Shared libraries
ii libc6-dev:amd64 2.27-3ubuntu1.4 amd64 GNU C Library: Development Libraries and Header Files
So I can only conclude that getgrouplist(3) is not thread-safe, despite documentation.
Also see https:/ /bugs.launchpad .net/ubuntu/ +source/ libnss- extrausers/ +bug/1602264 /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 831390
which refers to https:/