lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080701094545.GD3925@linux.vnet.ibm.com>
Date:	Tue, 1 Jul 2008 15:15:45 +0530
From:	Dhaval Giani <dhaval@...ux.vnet.ibm.com>
To:	Paul Menage <menage@...gle.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Balbir Singh <balbir@...ibm.com>,
	Sudhir Kumar <skumar@...ux.vnet.ibm.com>,
	lkml <linux-kernel@...r.kernel.org>,
	containers@...ux.vnet.ibm.com
Subject: Attaching PID 0 to a cgroup

Hi Paul,

Attaching PID 0 to a cgroup caused the current task to be attached to
the cgroup. Looking at the code,

        if (pid) {
                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
                if (!tsk || tsk->flags & PF_EXITING) {
                        rcu_read_unlock();
                        return -ESRCH;
                }
                get_task_struct(tsk);
                rcu_read_unlock();

                if ((current->euid) && (current->euid != tsk->uid)
                    && (current->euid != tsk->suid)) {
                        put_task_struct(tsk);
                        return -EACCES;
                }
        } else {
                tsk = current;
                get_task_struct(tsk);
        }

I was wondering, why this was done. It seems to be unexpected behavior.
Wouldn't something like the following be a better response? (I've used
EINVAL, but I can change it to ESRCH if that is better.)

---
cgroups: Don't allow PID 0 to be attached to a group

Currently when one trys to attach PID 0 to a cgroup, it attaches
the current task. That is not expected behavior. It should return
an error instead.

Signed-off-by: Dhaval Giani <dhaval@...ux.vnet.ibm.com>

Index: linux-2.6/kernel/cgroup.c
===================================================================
--- linux-2.6.orig/kernel/cgroup.c
+++ linux-2.6/kernel/cgroup.c
@@ -1309,8 +1309,7 @@ static int attach_task_by_pid(struct cgr
 			return -EACCES;
 		}
 	} else {
-		tsk = current;
-		get_task_struct(tsk);
+			return -EINVAL;
 	}
 
 	ret = cgroup_attach_task(cgrp, tsk);
-- 
regards,
Dhaval
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ