Message-ID: <Pine.LNX.4.64.0711031714130.4780@asgard.lang.hm>
Date:	Sat, 3 Nov 2007 17:21:33 -0700 (PDT)
From:	david@...g.hm
To:	Arjan van de Ven <arjan@...radead.org>
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>, Dave Hansen <haveblue@...ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Pavel Emelyanov <xemul@...nvz.org>,
	Ulrich Drepper <drepper@...hat.com>,
	linux-kernel@...r.kernel.org,
	"Dinakar Guniguntala [imap]" <dino@...ibm.com>,
	Sripathi Kodi <sripathik@...ibm.com>
Subject: Re: [patch] PID namespace design bug, workaround

On Sat, 3 Nov 2007, Arjan van de Ven wrote:

> On Sat, 3 Nov 2007 15:40:48 -0700 (PDT)
> Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>
>> I don't understand how you can call this a "PID namespace design
>> bug", when it clearly has nothing what-so-ever to do with pid
>> namespaces, and everything to do with the *futexes* that blithely
>> assume that pid's are unique and that made it part of the
>> user-visible interface.
>>
>> OF COURSE any pid namespace design will always break such
>> assumptions, but that's not because of any PID namespace bugs. It's
>> what the whole *point* of PID namespaces are. If you use pid's
>> (instead of some opaque cookies), you will not be able to use such
>> things across pid-separation.
>
> well... kind of.
> There are 2 things around pid namespaces: which pids you can see/touch
> (in proc or signals or otherwise), and the non-uniqueness.
>
> For containers you clearly want the first part... but... is there a
> strong reason to not just *not* create duplicate pids even across
> namespaces? there's no rule in posix or anything similar to fd's afaik
> concerning which pids we can hand out... so we could just make them
> unique globally but just with limited visibility....

two problems that I can think of

1. the container people would like to eventually have the ability to
migrate containers from one system to another (or to suspend a container).
In this sort of case, trying to fit the allocated PIDs from the container
into a running system is a problem if PIDs are not allowed to overlap.

2. it seems to me that there is probably a latent security issue in
having a global PID namespace with just limited visibility. the types of
bugs that may let you affect a process seem easier to make if the only
protection is visibility rather than complete separation.

David Lang