| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZXCS1SMQLhSPtjdp@tycho.pizza>
Date: Wed, 6 Dec 2023 08:27:17 -0700
From: Tycho Andersen <tycho@...ho.pizza>
To: Florian Weimer <fweimer@...hat.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Christian Brauner <brauner@...nel.org>,
Oleg Nesterov <oleg@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
Tycho Andersen <tandersen@...flix.com>
Subject: Re: [RFC 1/3] pidfd: allow pidfd_open() on non-thread-group leaders
On Thu, Nov 30, 2023 at 08:43:18PM +0100, Florian Weimer wrote:
> * Mathieu Desnoyers:
>
> >>> I'd like to offer a userspace API which allows safe stashing of
> >>> unreachable file descriptors on a service thread.
>
> >> By "safe" here do you mean not accessible via pidfd_getfd()?
>
> No, unreachable by close/close_range/dup2/dup3. I expect we can do an
> intra-process transfer using /proc, but I'm hoping for something nicer.
It occurred to me that we could get the seccomp() protected-memory
functionality almost all the way via some combination of
memfd_create(MFD_ALLOW_SEALING), fcntl(F_SEAL_WRITE|F_SEAL_SEAL), and
mmap(PROT_NONE). Some other thread could come along and unmap/remap,
but perhaps with some kind of F_SEAL_NOUNMAP married to one of these
special files we could both get what we want?
I submitted a talk to FOSDEM just for grins, if anyone is planning to
attend that.
Tycho
Powered by blists - more mailing lists