Opened 11 years ago
Closed 11 years ago
#5834 closed Support Requests (invalid)
once.cpp: call_once: suffers from lack of uniqueness and synchronization handle manipulations
| Reported by: | Owned by: | viboes | |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | thread |
| Version: | Boost 1.47.0 | Severity: | Problem |
| Keywords: | Cc: | viboes |
Description
call_once attempts to form a unique mutex name by concatenating 2AC1A572DB6944B0A65C38C4140AF2F4 with the PID.
As Wagner and Goldberg taught us, PIDs are a useless source of entropy (or part thereof). See http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html.
An attacker using Win32 can manipulate synchronization objects by (1) squatting the name 'a priori', (2) creating a different type of object using the same name, and (3) creating the expected object but with lesser permissions than the program expects (ie, remove the ability to 'wait' on the mutex). See http://www.softwareintegrity.com/Documents/Old-Dogs-and-New-Tricks.pdf.
In addition, two different routines within the same program, each expecting to be 'run once', will suffer contention.
Change History (6)
comment:1 by , 11 years ago
| Component: | None → thread |
|---|---|
| Owner: | set to |
comment:2 by , 11 years ago
comment:3 by , 11 years ago
| Cc: | added |
|---|
comment:4 by , 11 years ago
How is this related to #5752 boost::call_once() is unreliable on some platforms?
comment:5 by , 11 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
| Type: | Bugs → Support Requests |
Could you point where in the code this is happening? Moved to support request until clarified.
comment:6 by , 11 years ago
| Resolution: | → invalid |
|---|---|
| Status: | assigned → closed |
Closed as it seems this doesn't corresponds to the current Boost.Thread implementation.
Do you have any suggestion to improve the current state?