On Mon Jun 22, 2026 at 7:08 AM CEST, Sana Kazi via lists.openembedded.org wrote:
> From: Sana Kazi <[email protected]>
>
> pthread_setname_np opens the thread's comm file using O_RDWR, but the
> function only ever writes to it.  This causes two distinct problems:
>
> 1. Missing O_CLOEXEC: the file descriptor is not marked close-on-exec,
> so it remains open across fork+exec.  A child process that audits
> its inherited file-descriptor set will encounter an unexpected /proc
> fd it did not open and may treat this as a security violation and
> abort.
> 2. Unnecessary O_RDWR: requesting read+write access when only write
> access is needed can cause open() to fail under security policies
> that permit writing to /proc/<tid>/comm but deny reading it.
>
> Fix both issues by replacing O_RDWR with O_WRONLY|O_CLOEXEC
> Similarly, updated pthread_getname_np to use O_CLOEXEC.
>
> Signed-off-by: Sana Kazi <[email protected]>
> ---

I see you sent that for master and scarthgap, but don't forget wrynose.
I can't take that for scarthgap until there is an equivalent fix in
wrynose.

Regards,

>  .../glibc/glibc/0024-fix-fd-leaks.patch       | 61 +++++++++++++++++++
>  meta/recipes-core/glibc/glibc_2.39.bb         |  1 +
>  2 files changed, 62 insertions(+)
>  create mode 100644 meta/recipes-core/glibc/glibc/0024-fix-fd-leaks.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/0024-fix-fd-leaks.patch 
> b/meta/recipes-core/glibc/glibc/0024-fix-fd-leaks.patch
> new file mode 100644
> index 0000000000..633e52a8f9
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/0024-fix-fd-leaks.patch
> @@ -0,0 +1,61 @@
> +From 1cba6073e500c7bde9322a2f536fc0c308846c61 Mon Sep 17 00:00:00 2001
> +From: Sana Kazi <[email protected]>
> +Date: Mon, 15 Jun 2026 16:37:59 +0200
> +Subject: [PATCH] nptl: open threads comm with O_WRONLY|O_CLOEXEC
> +
> +pthread_setname_np opens the thread's comm file using O_RDWR, but the
> +function only ever writes to it.  This causes two distinct problems:
> +
> +1. Missing O_CLOEXEC: the file descriptor is not marked close-on-exec,
> +   so it remains open across fork+exec.  A child process that audits
> +   its inherited file-descriptor set will encounter an unexpected /proc
> +   fd it did not open and may treat this as a security violation and
> +   abort.
> +
> +2. Unnecessary O_RDWR: requesting read+write access when only write
> +   access is needed can cause open() to fail under security policies
> +   that permit writing to /proc/<tid>/comm but deny reading it.
> +
> +Fix both issues by replacing O_RDWR with O_WRONLY|O_CLOEXEC
> +
> +Similarly, updated pthread_getname_np to use O_CLOEXEC.
> +
> +Bug-Id: 34192[https://sourceware.org/bugzilla/show_bug.cgi?id=34192]
> +
> +Signed-off-by: Sana Kazi <[email protected]>
> +Reviewed-by: Florian Weimer <[email protected]>
> +---
> + nptl/pthread_getname.c | 2 +-
> + nptl/pthread_setname.c | 2 +-
> + 2 files changed, 2 insertions(+), 2 deletions(-)
> +
> +Upstream-Status: Backport 
> [https://sourceware.org/git/?p=glibc.git;a=patch;h=1cba6073e500c7bde9322a2f536fc0c308846c61]
> +
> +diff --git a/nptl/pthread_getname.c b/nptl/pthread_getname.c
> +index da23a13ba5..5261993d1f 100644
> +--- a/nptl/pthread_getname.c
> ++++ b/nptl/pthread_getname.c
> +@@ -44,7 +44,7 @@ __pthread_getname_np (pthread_t th, char *buf, size_t len)
> +   char fname[sizeof (FMT) + 8];
> +   sprintf (fname, FMT, (unsigned int) pd->tid);
> + 
> +-  int fd = __open64_nocancel (fname, O_RDONLY);
> ++  int fd = __open64_nocancel (fname, O_RDONLY | O_CLOEXEC);
> +   if (fd == -1)
> +     return errno;
> + 
> +diff --git a/nptl/pthread_setname.c b/nptl/pthread_setname.c
> +index 62f4964fcc..f9a528c3d8 100644
> +--- a/nptl/pthread_setname.c
> ++++ b/nptl/pthread_setname.c
> +@@ -46,7 +46,7 @@ __pthread_setname_np (pthread_t th, const char *name)
> +   char fname[sizeof (FMT) + 8];
> +   sprintf (fname, FMT, (unsigned int) pd->tid);
> + 
> +-  int fd = __open64_nocancel (fname, O_RDWR);
> ++  int fd = __open64_nocancel (fname, O_WRONLY | O_CLOEXEC);
> +   if (fd == -1)
> +     return errno;
> + 
> +-- 
> +2.43.7
> diff --git a/meta/recipes-core/glibc/glibc_2.39.bb 
> b/meta/recipes-core/glibc/glibc_2.39.bb
> index 7958d64eed..4681ac427d 100644
> --- a/meta/recipes-core/glibc/glibc_2.39.bb
> +++ b/meta/recipes-core/glibc/glibc_2.39.bb
> @@ -55,6 +55,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc 
> \
>             
> file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \
>             file://0023-qemu-stale-process.patch \
>             file://0001-stdlib-Add-single-threaded-fast-path-to-rand.patch \
> +           file://0024-fix-fd-leaks.patch \
>  "
>  S = "${WORKDIR}/git"
>  B = "${WORKDIR}/build-${TARGET_SYS}"


-- 
Yoann Congal
Smile ECS

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#239295): 
https://lists.openembedded.org/g/openembedded-core/message/239295
Mute This Topic: https://lists.openembedded.org/mt/119922821/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to