| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191115130800.zntefr5ptabdngph@wittgenstein>
Date: Fri, 15 Nov 2019 14:08:01 +0100
From: Christian Brauner <christian.brauner@...ntu.com>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Andrei Vagin <avagin@...il.com>, Adrian Reber <areber@...hat.com>,
Eric Biederman <ebiederm@...ssion.com>,
Pavel Emelyanov <ovzxemul@...il.com>,
Jann Horn <jannh@...gle.com>,
Dmitry Safonov <0x7f454c46@...il.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
linux-kernel@...r.kernel.org, Mike Rapoport <rppt@...ux.ibm.com>,
Radostin Stoyanov <rstoyanov1@...il.com>
Subject: Re: [PATCH v10 1/2] fork: extend clone3() to support setting a PID
On Fri, Nov 15, 2019 at 11:49:10AM +0100, Oleg Nesterov wrote:
> On 11/15, Christian Brauner wrote:
> >
> > +static int set_tid_next(pid_t *set_tid, size_t *size, int idx)
> > +{
> > + int tid = 0;
> > +
> > + if (*size) {
> > + tid = set_tid[idx];
> > + if (tid < 1 || tid >= pid_max)
> > + return -EINVAL;
> > +
> > + /*
> > + * Also fail if a PID != 1 is requested and
> > + * no PID 1 exists.
> > + */
> > + if (tid != 1 && !tmp->child_reaper)
> > + return -EINVAL;
> > +
> > + if (!ns_capable(tmp->user_ns, CAP_SYS_ADMIN))
> > + return -EPERM;
> > +
> > + (*size)--;
> > + }
>
> this needs more args, struct pid_namespace *tmp + pid_t pid_max
> if (set_tid_size) {
> tid = set_tid[ns->level - i];
>
> retval = -EINVAL;
> if (tid < 1 || tid >= pid_max)
> goto out_free;
I'm not a fan of this pattern of _not_ setting error codes in the actual
error path t but I won't object.
Christian
Powered by blists - more mailing lists