| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <396556a20907061613h48691c80m75e5bfe17c1069cb@mail.gmail.com> Date: Mon, 6 Jul 2009 16:13:48 -0700 From: Adam Langley <agl@...erialviolet.org> To: linux-kernel@...r.kernel.org Subject: SCM_CREDENTIALS and PID namespaces Currently, the SCM_CREDENTIALS control message contains the PID of the sending process, in the sender's PID namespace. This would seem to violate the spirit of SCM_CREDENTIALS since, from the receiver's point of view, the sender's PID in that namespace might be another process entirely. I started to write a patch for this, but then got hung up on the semantics, so I'm asking here first. Here's what I think should happen: A received SCM_CREDENTIALS should contain the PID of the sending process, in the receiver's namespace. Or -1 if the PID is not representable. If the sending process has exited, the pid should be -1. (We don't want to hold a reference to a struct pid from the SKB, so we have to do this). When sending an SCM_CREDENTIALS message, if pid == getpid(), then the PID acts as above. Otherwise, we pass the PID raw to the receiver. (A process has to be CAP_SYS_ADMIN to fake its PID). Seem reasonable? AGL -- Adam Langley agl@...erialviolet.org http://www.imperialviolet.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists