[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reauthentication implementation flaw due to EINTR

From: Carl Fredrik Hammar
Subject: Re: Reauthentication implementation flaw due to EINTR
Date: Wed, 30 Dec 2009 12:40:02 +0100
User-agent: Mutt/1.5.20 (2009-06-14)

On Tue, Dec 29, 2009 at 11:46:09PM +0100, Samuel Thibault wrote:
> Carl Fredrik Hammar, le Tue 29 Dec 2009 23:40:21 +0100, a écrit :
> > On Tue, Dec 29, 2009 at 11:10:00PM +0100, Samuel Thibault wrote:
> > > 
> > > That's the same.  To make it clearer, see attached patch.
> > 
> > I meant in the other branch of the if (though for some reason I didn't
> > consider the server part's if).
> Err, what for?  In that case, dead name notification isn't
> requested, is it?  Or is it always requested by default and
> ports_interrupt_self_on_port_death() is just to change the behavior?
> (I'm a complete newbie for such parts of the Hurd...)

Nothing magical is happening.  The notification has been requested by
auth_server_authenticate which is waiting for auth_user_authenticate
to arive.  In the then part of the if statement, the user has found that
the server is waiting for the condition to be signaled, which is right
time to cancel the notification.  If canceled by the server after the
notification has been signaled there is a window between receiving the
condition signal and the cancelation where it can still be interrupted.
It's a very, very narrow window, but I think it could still affect
the reply.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]