[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKOZuevrFxWLY1J1DVPNGaEy8UbkD1r_M9T9FQTOtSrqp-G0qw@mail.gmail.com>
Date: Wed, 31 Oct 2018 18:00:49 +0000
From: Daniel Colascione <dancol@...gle.com>
To: Tycho Andersen <tycho@...ho.ws>
Cc: linux-kernel <linux-kernel@...r.kernel.org>,
Tim Murray <timmurray@...gle.com>,
Joel Fernandes <joelaf@...gle.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Aleksa Sarai <cyphar@...har.com>,
Christian Brauner <christian.brauner@...onical.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Kees Cook <keescook@...omium.org>,
Oleg Nesterov <oleg@...hat.com>
Subject: Re: [PATCH v3] Implement /proc/pid/kill
On Wed, Oct 31, 2018 at 5:54 PM, Tycho Andersen <tycho@...ho.ws> wrote:
> Why not just use an ioctl() like Jann suggested instead of this big
> security check? Then we avoid the whole setuid writer thing entirely,
Don't you think a system call would be better than a new ioctl? With
either an ioctl or a new system call, though, the shell would need a
helper program to use the facility, whereas with the existing
approach, the shell can use the new facility without any additional
binaries.
> and we can pass the fd around if we want to.
You can pass the FD around today --- specifically, you just pass the
/proc/pid directory FD, not the /proc/pid/kill FD. The /proc/pid
directory FD acts as a process handle. (It's literally a reference to
a struct pid.) Anyone who receives one of these process handle FDs and
who wants to use the corresponding kill file can open the kill fd with
openat(2). What you can't do is pass the /proc/pid/kill FD to another
security context and use it, but when would you ever want to do that?
Powered by blists - more mailing lists