Date: Tue, 6 Jun 2017 13:01:40 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
Oleg Nesterov <oleg@...hat.com>,
Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Kees Cook <keescook@...omium.org>,
Roland McGrath <roland@...k.frob.com>,
Al Viro <viro@...iv.linux.org.uk>,
David Howells <dhowells@...hat.com>,
"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
Subject: Re: [PATCH 03/26] signal: Do not perform permission checks when
sending pdeath_signal
On Tue, Jun 6, 2017 at 12:03 PM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
>
> As this is more permissive there is no chance anything will break.

Actually, I do worry about the security issues here.

The thing is, the parent may be some system daemon that wants to catch
SIGCHLD, but we've used prctl and changed pdeath_signal to something
else (like SIGSEGV or something).

Do we really want to be able to kill a system daemon that we couldn't
use kill() on directly, just because that system daemon spawned us?

So I think those permission checks may actually be a good idea.
Although possibly they should be in prctl()..

Linus