Date:	Tue, 25 Nov 2008 19:46:34 -0800
From:	Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
To:	oleg@...hat.com, ebiederm@...ssion.com, roland@...hat.com
Cc:	daniel@...ac.com, xemul@...nvz.org, containers@...ts.osdl.org,
	linux-kernel@...r.kernel.org, sukadev@...ibm.com
Subject: [RFC][PATCH 4/5] Protect cinit from fatal signals


From 4ea8f0b4ae48da5f18d44b68ce3634408c89f230 Mon Sep 17 00:00:00 2001
From: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
Date: Tue, 25 Nov 2008 10:29:10 -0800
Subject: [PATCH 4/5] Protect cinit from fatal signals

To protect container-init from fatal signals, set SIGNAL_UNKILLABLE but
clear it if it receives SIGKILL from parent namespace - so it is still
killable from ancestor namespace.

Note that container-init is still somewhat special compared to 'normal
processes' - unhandled fatal signals like SIGUSR1 to a container-init
are dropped even if they are from ancestor namespace. SIGKILL from an
ancestor namespace is the only reliable way to kill a container-init.

Signed-off-by: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
---
 kernel/fork.c   |    2 ++
 kernel/signal.c |    2 ++
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index 28be39a..368f25c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -814,6 +814,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
 	atomic_set(&sig->live, 1);
 	init_waitqueue_head(&sig->wait_chldexit);
 	sig->flags = 0;
+	if (clone_flags & CLONE_NEWPID)
+		sig->flags |= SIGNAL_UNKILLABLE;
 	sig->group_exit_code = 0;
 	sig->group_exit_task = NULL;
 	sig->group_stop_count = 0;
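
Review bot: the new `if (clone_flags & CLONE_NEWPID)` test in copy_signal() carries no comment, and nothing at this site says that the task being created is the container-init or where the flag is cleared again. Suggest a short comment above it stating that the first task of a new pid namespace starts with SIGNAL_UNKILLABLE and that send_signal() clears it on SIGKILL from an ancestor namespace. As a style point, the assignment and the test could be folded into one statement: `sig->flags = (clone_flags & CLONE_NEWPID) ? SIGNAL_UNKILLABLE : 0;`.
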
diff --git a/kernel/signal.c b/kernel/signal.c
index 45aebf0..8c294c1 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -828,6 +828,8 @@ static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
 	trace_sched_signal_send(sig, t);
 
 	from_ancestor_ns = siginfo_from_ancestor_ns(t, info);
+	if (from_ancestor_ns && sig == SIGKILL)
+		t->signal->flags &= ~SIGNAL_UNKILLABLE;
 
 	assert_spin_locked(&t->sighand->siglock);
 	if (!prepare_signal(sig, t))
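
Review bot: the added `t->signal->flags &= ~SIGNAL_UNKILLABLE;` in send_signal() writes to the shared signal struct before `assert_spin_locked(&t->sighand->siglock)`, so the modification precedes the check that the lock protecting it is held; moving the two added lines below the assert keeps the assertion meaningful. The clear also happens ahead of the `prepare_signal(sig, t)` test, which means the flag stays cleared even if prepare_signal() rejects the signal and nothing is queued. If that ordering is required for the SIGKILL to get past prepare_signal(), a comment saying so would help, along with a note that the clear is one-way, since neither hunk shows a path that sets the flag again.
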
-- 
1.5.2.5
