lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20091005182536.GA943@redhat.com>
Date:	Mon, 5 Oct 2009 20:25:36 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Daniel Lezcano <dlezcano@...ibm.com>,
	Sukadev Bhattiprolu <sukadev@...ibm.com>,
	Linux Containers <containers@...ts.osdl.org>,
	roland@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] signals: send_signal: use si_fromuser() to detect
	from_ancestor_ns

On 10/05, Sukadev Bhattiprolu wrote:
>
> Oleg Nesterov [oleg@...hat.com] wrote:
> |
> | --- TTT_32/kernel/signal.c~FU_2_SEND_SIGNAL	2009-10-04 02:21:55.000000000 +0200
> | +++ TTT_32/kernel/signal.c	2009-10-04 03:09:44.000000000 +0200
> | @@ -928,9 +928,8 @@ static int send_signal(int sig, struct s
> |  	int from_ancestor_ns = 0;
> |
> |  #ifdef CONFIG_PID_NS
> | -	if (!is_si_special(info) && SI_FROMUSER(info) &&
> | -			task_pid_nr_ns(current, task_active_pid_ns(t)) <= 0)
> | -		from_ancestor_ns = 1;
> | +	from_ancestor_ns = si_fromuser(info) &&
> | +			   !task_pid_nr_ns(current, task_active_pid_ns(t));
>
> Makes sense. And we had mentioned earlier that container-init is immune
> to suicide but should we add a check for 'current == t' above to cover the
>
> 	send_sig(SIGKILL, current, 0);
>
> in load_aout_binary() and friends
>
> 	from_ancestor_ns = si_fromuser(info) && (current == t ||
> 				!task_pid_nr_ns(current, task_active_pid_ns(t)));

I don't think so.

First of all, this is just ugly. If we need this check we should change
the callers, not send_signal().

But more importantly, I disagree with "container-init is immune to suicide"
above. This is another issue I was going to discuss later, lets do this now.

When load_elf_binary() does send_sig(SIGKILL, current) init must die, because
we have no option. Exec failed, but we can't return to user-space with the
error code, it is too late.

So, imho this patch also fixes this case by accident, but I think it would
be better to change load_aout_binary/etc to use force_sig_info() to make
the code more explicit.

What do you think?

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ