| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090629102152.GA7993@hmsreliant.think-freely.org> Date: Mon, 29 Jun 2009 06:21:52 -0400 From: Neil Horman <nhorman@...driver.com> To: Oleg Nesterov <oleg@...hat.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, earl_chew@...lent.com, Alan Cox <alan@...rguk.ukuu.org.uk>, Andi Kleen <andi@...stfloor.org> Subject: Re: [PATCH 2/2] exec: Make do_coredump more robust and safer when using pipes in core_pattern (v3) On Mon, Jun 29, 2009 at 01:32:00AM +0200, Oleg Nesterov wrote: > On 06/28, Neil Horman wrote: > > > > On Mon, Jun 29, 2009 at 12:24:55AM +0200, Oleg Nesterov wrote: > > > > > > Perhaps this sysctl should be added in a separate patch? This patch mixes > > > differents things imho. > > > > > No, I disagree. If we're going to have a sysctl, It should be added in this > > patch. I agree that since these processes run as root, we can have all sort of > > bad things happen. But I think theres an advantage to being able to limit the > > damage that a core_pattern process can do if it never exits. > > Yes, but why it should be added in this patch? > I agree with what you said earlier, in that the sysctl is orthogonal to the wait_for_complete functionality, from an implementation standpoint. But I don't feel as though they are independent from a behavioral standpoint. Given that the sysctl defines a default value of zero in which unlimited parallel core dumps are allowed, but none are waited for, separating the patches creates a behavioral split in which the the core_pattern behavior changes for the span of one commit, and in such a way that the system can deadlock if the core_pattern process does bad things. To illustrate, say we applied the wait_for_core patch separately from sysctl patch. If someone built with both patches, their core_pattern behavior would appear unchanged, but if they built with only the first patch, and their core_pattern app had a bug in which the process never exited properly, they would get an unbounded backlog of unreaped processes. I could certainly modify the first patch to never wait, and then modify the sysctl to decide when it was ok to wait, but to add a patch that allows for a wait state that never happens seems a bit odd to me. Regards Neil -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists