From 38883d9578079c2c6b3ddce79946590ab936dc8d Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 22 Mar 2015 09:50:05 +0100 Subject: [PATCH] setreuid.2: Add discussion of NPTL credential-changing mechanism At the kernel level, credentials (UIDs and GIDs) are a per-thread attribute. NPTL uses a signal-based mechanism to ensure that when one thread changes its credentials, all other threads change credentials to the same values. By this means, the NPTL implementation conforms to the POSIX requirement that the threads in a process share credentials. Reported-by: Shawn Landden Signed-off-by: Michael Kerrisk --- man2/setreuid.2 | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/man2/setreuid.2 b/man2/setreuid.2 index 94ca82aaf..de6d49267 100644 --- a/man2/setreuid.2 +++ b/man2/setreuid.2 @@ -1,4 +1,5 @@ .\" Copyright (c) 1983, 1991 The Regents of the University of California. +.\" and Copyright (C) 2009, 2010, 2014, 2015, Michael Kerrisk .\" All rights reserved. .\" .\" %%%LICENSE_START(BSD_4_CLAUSE_UCB) @@ -191,6 +192,23 @@ The glibc and .BR setregid () wrapper functions transparently deal with the variations across kernel versions. +.\" +.SS C library/kernel ABI differences +At the kernel level, user IDs and group IDs are a per-thread attribute. +However, POSIX requires that all threads in a process +share the same credentials. +The NPTL threading implementation handles the POSIX requirements by +providing wrapper functions for +the various system calls that change process UIDs and GIDs. +These wrapper functions (including those for +.BR setreuid () +and +.BR setregid ()) +employ a signal-based technique to ensure +that when one thread changes credentials, +all of the other threads in the process also change their credentials. +For details, see +.BR nptl (7). .SH SEE ALSO .BR getgid (2), .BR getuid (2),
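Review bot: In the first hunk (man2/setreuid.2, line 2), the added line writes "Copyright (C)" while the existing line directly above it writes "Copyright (c)". Match the casing already used in the file. The commit message describes only the NPTL discussion, so the added copyright line with years 2009, 2010 and 2014 deserves a mention there, or a separate commit.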
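Review bot: In the second hunk, the new "C library/kernel ABI differences" section says the NPTL wrapper functions propagate a credential change to all threads, but it never states the consequence of bypassing them. The section's first sentence says the kernel treats UIDs and GIDs as per-thread, so a reader who invokes the system call directly needs to be told that only the calling thread changes and the others keep their old IDs. That matters for code that drops privileges. Suggest adding a sentence after "all of the other threads in the process also change their credentials.", for example: "A call made directly via syscall(2) bypasses this mechanism and changes the credentials of the calling thread only." Separately, "system calls that change process UIDs and GIDs" reads oddly right after the text calls them a per-thread attribute; dropping "process" would avoid the contradiction.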