lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090429115550.GA25368@redhat.com>
Date:	Wed, 29 Apr 2009 13:55:50 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	David Howells <dhowells@...hat.com>
Cc:	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>,
	Roland McGrath <roland@...hat.com>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	linux-kernel@...r.kernel.org
Subject: Re: Q: selinux_bprm_committed_creds() && signals/do_wait

On 04/29, David Howells wrote:
>
> Oleg Nesterov <oleg@...hat.com> wrote:
>
> > > I suspect we should pass SIGKILL
> >
> > Or we can fliter out SIGKILLs, yes.
>
> How about the attached patch?

Heh. I did the very similar patch. It wasn't sent because I'd like to
understand flush_signal_handlers + sigemptyset first.

But,

> @@ -2398,11 +2398,14 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
>  		memset(&itimer, 0, sizeof itimer);
>  		for (i = 0; i < 3; i++)
>  			do_setitimer(i, &itimer, NULL);
> -		flush_signals(current);
>  		spin_lock_irq(&current->sighand->siglock);
> -		flush_signal_handlers(current, 1);
> -		sigemptyset(&current->blocked);
> -		recalc_sigpending();
> +		if (!sigismember(&current->pending.signal, SIGKILL) &&
> +		    !sigismember(&current->signal->shared_pending.signal,
> +				 SIGKILL)) {

No, no. Just

		if (!(current->signal->flags & SIGNAL_GROUP_EXIT))
			__flush_signals();

is enough and more clean imho. The fact that we _really_ have the pending
SIGKILL is just the implementation detail (and perhaps this we be changed
eventually).

No need to check ->shared_pending + ->pending. We can't have SIGKILL
(shared or not) without SIGNAL_GROUP_EXIT.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ