[Boost-bugs] [Boost C++ Libraries] #5834: once.cpp: call_once: suffers from lack of uniqueness and synchronization handle manipulations

From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2011-08-30 04:31:37


#5834: once.cpp: call_once: suffers from lack of uniqueness and synchronization
handle manipulations
--------------------------------+-------------------------------------------
 Reporter: noloader@… | Owner:
     Type: Bugs | Status: new
Milestone: To Be Determined | Component: None
  Version: Boost 1.47.0 | Severity: Problem
 Keywords: |
--------------------------------+-------------------------------------------
 call_once attempts to form a unique mutex name by concatenating
 2AC1A572DB6944B0A65C38C4140AF2F4 with the PID.

 As Wagner and Goldberg taught us, PIDs are a useless source of entropy (or
 part thereof). See
 http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html.

 An attacker using Win32 can manipulate synchronization objects by (1)
 squatting the name 'a priori', (2) creating a different type of object
 using the same name, and (3) creating the expected object but with lesser
 permissions than the program expects (i.e., remove the ability to 'wait' on
 the mutex). See
 http://www.softwareintegrity.com/Documents/Old-Dogs-and-New-Tricks.pdf.

 In addition, two different routines within the same program, each
 expecting to be 'run once', will suffer contention.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/5834>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
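
Added example, not part of the ticket and not Boost or Win32 code: a toy C++ model of a shared named-object namespace, showing what a create-or-open call sees in each of the three cases the ticket lists and why two once-flags in one process end up on the same mutex. The `Namespace` model, the function names and the decimal PID formatting are assumptions; on Win32 the modeled outcomes correspond to `CreateMutex` reporting `ERROR_ALREADY_EXISTS`, `ERROR_INVALID_HANDLE` and `ERROR_ACCESS_DENIED`.

```cpp
// Added example: a toy model of a shared named-object namespace (not Boost or Win32 code).
#include <iostream>
#include <map>
#include <string>

enum class Kind { Mutex, Event };
enum class Result { CreatedNew, OpenedExisting, WrongType, AccessDenied };
struct Object { Kind kind; bool allows_wait; unsigned long creator_pid; };
using Namespace = std::map<std::string, Object>;  // visible to every process in the session

// Name as the ticket describes it: fixed string + PID (decimal formatting is an assumption).
std::string once_mutex_name(unsigned long pid) {
    return "2AC1A572DB6944B0A65C38C4140AF2F4" + std::to_string(pid);
}

// Create-or-open by name. The result never reveals creator_pid, so a caller cannot
// tell a mutex made by its own thread from one planted earlier by another process.
Result create_or_open_mutex(Namespace& ns, const std::string& name, unsigned long caller) {
    auto it = ns.find(name);
    if (it == ns.end()) {
        ns.emplace(name, Object{Kind::Mutex, true, caller});
        return Result::CreatedNew;
    }
    if (it->second.kind != Kind::Mutex) return Result::WrongType;     // case (2)
    if (!it->second.allows_wait)        return Result::AccessDenied;  // case (3)
    return Result::OpenedExisting;                                    // case (1) or a peer thread
}

// One call_once-style acquisition by `victim` against a namespace that a
// different process has optionally pre-populated with `planted`.
Result acquire_after(const Object* planted, unsigned long victim) {
    Namespace ns;
    if (planted) ns.emplace(once_mutex_name(victim), *planted);
    return create_or_open_mutex(ns, once_mutex_name(victim), victim);
}

// Two distinct once-flags in one process map to the same name, so they share one mutex.
bool flags_share_mutex(unsigned long pid) {
    Namespace ns;
    Result a = create_or_open_mutex(ns, once_mutex_name(pid), pid);  // flag A
    Result b = create_or_open_mutex(ns, once_mutex_name(pid), pid);  // flag B
    return a == Result::CreatedNew && b == Result::OpenedExisting && ns.size() == 1;
}

int main() {
    Object squat{Kind::Mutex, true, 999}, event{Kind::Event, true, 999}, nowait{Kind::Mutex, false, 999};
    std::cout << "squatted: " << int(acquire_after(&squat, 1234)) << ", wrong type: "
              << int(acquire_after(&event, 1234)) << ", no wait: " << int(acquire_after(&nowait, 1234))
              << ", flags share one mutex: " << flags_share_mutex(1234) << "\n";
}
```

In the model, `OpenedExisting` is returned both for a mutex created by a peer thread and for one planted by another process, which is why checking the result code alone does not settle case (1).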
