| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1ws2mpsuk.fsf@fess.ebiederm.org> Date: Thu, 22 Oct 2009 22:44:19 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> Cc: Matt Helsley <matthltc@...ibm.com>, Oren Laadan <orenl@...rato.com>, Daniel Lezcano <daniel.lezcano@...e.fr>, randy.dunlap@...cle.com, arnd@...db.de, linux-api@...r.kernel.org, Containers <containers@...ts.linux-foundation.org>, Nathan Lynch <nathanl@...tin.ibm.com>, linux-kernel@...r.kernel.org, Louis.Rilling@...labs.com, kosaki.motohiro@...fujitsu.com, hpa@...or.com, mingo@...e.hu, torvalds@...ux-foundation.org, Alexey Dobriyan <adobriyan@...il.com>, roland@...hat.com, Pavel Emelyanov <xemul@...nvz.org> Subject: Re: [RFC][v8][PATCH 0/10] Implement clone3() system call Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> writes: > Eric W. Biederman [ebiederm@...ssion.com] wrote: > | > | + if (target < RESERVED_PIDS) > | > > | > Should we replace RESERVED_PIDS with 0 ? We currently allow new > | > containers to have pids 1..32K in the first pass and in subsequent > | > passes assign starting at RESERVED_PIDS. > | > | If it is a preexisting namespace pid namespace removing the RESERVED_PIDS > | check removes most if not all of the point of RESERVED_PIDS. > | > | In a new fresh pid namespace I have no problem with not performing > | the RESERVED_PIDS check. > > In that case can we do this > > if (target_pid < RESERVED_PIDS && !pid_ns->level) > return -EINVAL; > > instead ? > | > | So I guess that makes the check. > | > | if ((target < RESERVED_PIDS) && pid_ns->last_pid >= RESERVED_PIDS) > | return -EINVAL; > > I am just wondering if there is a small corner case where C/R would randomly > fail because of this sequence: > > - C/R code calls clone() or clone3() say about RESERVED_PIDS-1 > times and ->last_pid == RESERVED_PIDS-1. > > - C/R code calls normal fork()/alloc_pidmap() for a short-lived > child - its pid == ->last_pid == RESERVED_PIDS > > - C/R code then calls clone3()/set_pidmap() to set the pid of > a new child to RESERVED_PID but fails (i.e it fails to restore > a pid even when the pid is not in use). > > We could argue that mixing alloc_pidmap() and set_pidmap() during restart > is bad since set_pidmap() may fail. > > The C/R developer could argue that we are forcing them to specify a pid > even for a short lived process that they wait()s on and thus ensure that > pid is not in use. > > Anyway, is RESERVED_PIDS meant for initial kernel-threads/daemons - if so > would it be ok enforce it only in init_pid_ns ? It is mean for initial user space daemons, things that start on boot. I don't know how much the protection matters at this date, but we have it. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists