lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  2 Apr 2019 17:33:07 +0200
From:   Christian Brauner <christian@...uner.io>
To:     jannh@...gle.com, linux-kernel@...r.kernel.org,
        torvalds@...ux-foundation.org
Cc:     Christian Brauner <christian@...uner.io>
Subject: [GIT PULL] pidfd fixes for v5.1-rc3

Hi Linus,

This should be an uncontroversial fix for pidfd_send_signal() by Jann to
better align it's behavior with other signal sending functions:

The following changes since commit 79a3aaa7b82e3106be97842dedfd8429248896e6:

  Linux 5.1-rc3 (2019-03-31 14:39:29 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/pidfd-fixes-v5.1-rc3

for you to fetch changes up to 556a888a14afe27164191955618990fb3ccc9aad:

  signal: don't silently convert SI_USER signals to non-current pidfd (2019-04-01 23:03:18 +0200)

In one of the early versions of the patchset it was suggested to not
unconditionally error out when a signal with SI_USER is sent to a
non-current task (cf. [1]). Instead, pidfd_send_signal() currently silently
changes this to a regular kill signal. While this is technically fine, the
semantics are weird since the kernel just silently converts a user's request
behind their back and also no other signal sending function allows to do
this. It gets more hairy when we introduce sending signals to a specific
thread soon.
So let's align pidfd_send_signal() with all the other signal sending
functions and error out when SI_USER signals are sent to a non-current
task.

Please consider pulling this fix!
Thanks!
Christian

/* References */
[1]: https://lore.kernel.org/lkml/87zhtjn8ck.fsf@xmission.com/

----------------------------------------------------------------
pidfd fixes for v5.1-rc3

----------------------------------------------------------------
Jann Horn (1):
      signal: don't silently convert SI_USER signals to non-current pidfd

 kernel/signal.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/kernel/signal.c b/kernel/signal.c
index b7953934aa99..f98448cf2def 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -3605,16 +3605,11 @@ SYSCALL_DEFINE4(pidfd_send_signal, int, pidfd, int, sig,
 		if (unlikely(sig != kinfo.si_signo))
 			goto err;
 
+		/* Only allow sending arbitrary signals to yourself. */
+		ret = -EPERM;
 		if ((task_pid(current) != pid) &&
-		    (kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL)) {
-			/* Only allow sending arbitrary signals to yourself. */
-			ret = -EPERM;
-			if (kinfo.si_code != SI_USER)
-				goto err;
-
-			/* Turn this into a regular kill signal. */
-			prepare_kill_siginfo(sig, &kinfo);
-		}
+		    (kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL))
+			goto err;
 	} else {
 		prepare_kill_siginfo(sig, &kinfo);
 	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ