| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240216130625.GA8723@redhat.com> Date: Fri, 16 Feb 2024 14:06:25 +0100 From: Oleg Nesterov <oleg@...hat.com> To: Christian Brauner <brauner@...nel.org> Cc: Andy Lutomirski <luto@...capital.net>, "Eric W. Biederman" <ebiederm@...ssion.com>, Tycho Andersen <tycho@...ho.pizza>, linux-api@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 2/2] pidfd: change pidfd_send_signal() to respect PIDFD_THREAD On 02/16, Christian Brauner wrote: > > On Wed, Feb 14, 2024 at 01:36:56PM +0100, Oleg Nesterov wrote: > > > > and I am not sure that task_pid(current) == pid should allow > > the "arbitrary signals" if PIDFD_SIGNAL_PROCESS_GROUP. > > > > Perhaps > > > > /* Only allow sending arbitrary signals to yourself. */ > > ret = -EPERM; > > if ((task_pid(current) != pid || type == PIDTYPE_PGID) && > > (kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL) > > goto err; > > Honestly, we should probably just do: > > if (kinfo->si_code != SI_USER) > goto err Hmm. This doesn't look right. The purpose of the current check is to forbid SI_TKILL and si_code >= 0, and SI_USER == 0. SI_USER means that the target can trust the values of si_pid/si_uid in siginfo. > + if (kinfo.si_code != SI_USER) > goto err; See above... Oleg.
Powered by blists - more mailing lists