lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20130828180940.b571fb3354d4d95a9ac0e04f@canb.auug.org.au>
Date:	Wed, 28 Aug 2013 18:09:40 +1000
From:	Stephen Rothwell <sfr@...b.auug.org.au>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-next@...r.kernel.org, linux-kernel@...r.kernel.org,
	Andy Lutomirski <luto@...capital.net>,
	David Miller <davem@...emloft.net>, <netdev@...r.kernel.org>,
	Oleg Nesterov <oleg@...hat.com>
Subject: linux-next: manual merge of the akpm-current tree with the net tree

Hi Andrew,

Today's linux-next merge of the akpm-current tree got a conflict in
kernel/fork.c between commit c2b1df2eb429 ("Rename nsproxy.pid_ns to
nsproxy.pid_ns_for_children") from the net tree and commits 74a7cb7237ad
("pidns: fix vfork() after unshare(CLONE_NEWPID)"), 98c53a09f937 ("pidns:
kill the unnecessary CLONE_NEWPID in copy_process()") and ddb3b016a3f7
("fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks") from the
akpm-current tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@...b.auug.org.au

diff --cc kernel/fork.c
index df6e2a8,04a8c2a..0000000
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@@ -1173,13 -1171,15 +1171,16 @@@ static struct task_struct *copy_process
  		return ERR_PTR(-EINVAL);
  
  	/*
- 	 * If the new process will be in a different pid namespace
- 	 * don't allow the creation of threads.
+ 	 * If the new process will be in a different pid or user namespace
+ 	 * do not allow it to share a thread group or signal handlers or
+ 	 * parent with the forking task.
  	 */
- 	if ((clone_flags & (CLONE_VM|CLONE_NEWPID)) &&
- 	    (task_active_pid_ns(current) !=
- 	     current->nsproxy->pid_ns_for_children))
- 		return ERR_PTR(-EINVAL);
+ 	if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) {
+ 		if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
 -		    (task_active_pid_ns(current) != current->nsproxy->pid_ns))
++		    (task_active_pid_ns(current) !=
++		     current->nsproxy->pid_ns_for_children))
+ 			return ERR_PTR(-EINVAL);
+ 	}
  
  	retval = security_task_create(clone_flags);
  	if (retval)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ