> On Feb 4, 2019, at 4:30 AM, Joerg Sonnenberger <[email protected]> wrote:
>
> This seems to allow attaching to random semaphores by just knowing the
> right idea. This violates the definition of anonymous semaphores and I
> wouldn't be surprised if it creates some nasty security issues...
Well, the SUS says this about it:
<quote>
If the pshared argument has a non-zero value, then the semaphore is shared
between processes; in this case, any process that can access the semaphore
sem can use sem for performing sem_wait(), sem_timedwait(), sem_trywait(),
sem_post(), and sem_destroy() operations.
</quote>
I suppose if we really wanted to, we could restrict to same-UID or something
similar, but it seems like that might technically violate the standard. I
suppose we could wrap that behavior in a sysctl control.
It's unfortunate that POSIX semaphores are so poorly specified (and "pshared"
especially), but there are real uses of them out in the wild.
I'm open to suggestions.
-- thorpej