| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <6feef7e0-ea72-412d-837e-34b6fdd3b869@app.fastmail.com>
Date: Mon, 14 Aug 2023 07:13:09 +0200
From: "David Rheinsberg" <david@...dahead.eu>
To: "Oleg Nesterov" <oleg@...hat.com>,
"Christian Brauner" <brauner@...nel.org>
Cc: linux-kernel@...r.kernel.org, "Jan Kara" <jack@...e.cz>,
"Kees Cook" <keescook@...omium.org>,
"Alexander Mikhalitsyn" <alexander@...alicyn.com>,
"Luca Boccassi" <bluca@...ian.org>
Subject: Re: [PATCH] pid: allow pidfds for reaped tasks
Hi Oleg,
On Fri, Aug 11, 2023, at 1:57 PM, Oleg Nesterov wrote:
>> What code do we need to allow userspace to open a pidfd to a leader pid
>> even if it has already been exited and reaped (without also accidently
>> allowing to open non-lead pid pidfds)?
>
> I'll try to think more, but can you also explain why do we need this?
>
> See my another email. Can't we simply shift the pid_has_task(PIDTYPE_TGID)
> check from pidfd_prepare() to pidfd_create() ? (and then we can kill
> pidfd_prepare and rename __pidfd_prepare to pidfd_prepare).
Yes, the easiest solution would be to use `__pidfd_prepare()` and ensure that the caller only ever calls this on tg-leaders. This would work just fine, imo. And this was my initial approach.
I think Christian preferred an explicit assertion that ensures we do not accidentally hand out pidfds for non-tg-leaders. The question is thus whether there is an easy way to assert this even for reaped tasks? Or whether there is a simple way to flag a pid that was used as tg-leader? Or, ultimately, whether this has limited use and we should just use `__pidfd_prepare()`?
Thanks a lot!
David
Powered by blists - more mailing lists