lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 3 Dec 2007 20:41:13 +0300
From:	Oleg Nesterov <oleg@...sign.ru>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Davide Libenzi <davidel@...ilserver.org>,
	Ingo Molnar <mingo@...e.hu>,
	Roland McGrath <roland@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] fix the long standing exec vs kill race

On 12/03, Linus Torvalds wrote:
> 
> On Sun, 2 Dec 2007, Oleg Nesterov wrote:
> >
> > Depends on
> > 	[PATCH] __group_complete_signal: fix coredump with group stop race
> > 	http://marc.info/?l=linux-kernel&m=119653436116036
> > 
> > Needs review and testing.
> > 
> > Please comment, I think at least the idea is promising.
> 
> It looks clean and sane to me, but I'm currently more worried about 
> 2.6.24, and even the first patch this depends on (coredump/stop race) 
> makes me a bit nervous since all these things tend to have some rather 
> subtle interactions with other parts that depended on the exact semantics 
> of all the signal issues.
> 
> So my gut feel - considering that none of the problems involved here are 
> exactly new - is that this is good material for early in the 2.6.25 cycle.
> 
> But I think the whole series looks ok, and if people press me and convince 
> me it's (a) well tested and (b) needed early, then I guess it can be 
> pushed into 2.6.24.

No, no, I don't think this should be pushed into 2.6.24 (even the first patch).

These problems are very old afaics, and nobody complained so far.

Even if correct, this needs more testing. I don't think this can break exec
or coredump in some "obvious" way, but I'm afraid this can introduce new
races / corner cases.

<offtopic>

I hope that with the new meaning of ->group_exit_task we can re-introduce the
"coredump signal "freezes" the thread group at sender's side" property, but we
need some hack to do this. OTOH, it was always a hack.

</offtopic>

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ