| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090805132948.GA31272@us.ibm.com> Date: Wed, 5 Aug 2009 08:29:48 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: Dan Smith <danms@...ibm.com> Cc: containers@...ts.osdl.org, Alexey Dobriyan <adobriyan@...il.com>, netdev@...r.kernel.org Subject: Re: [PATCH 5/5] c/r: Add AF_UNIX support (v7) Quoting Dan Smith (danms@...ibm.com): > SH> why only free iov_base if ret!=0? > > Because I was diagnosing a crash that only seemed to happen when I > free()'d the buffer after it was used by sendmsg() and I forgot to > remove this :( > > >> + a->sk_peercred.pid = task_tgid_vnr(current); > >> + a->sk_peercred.uid = ctx->realcred->uid; > > SH> I don't know how much it matters, but of course root could be > SH> restarting a set of tasks owned by several non-root uids, and the > SH> peercred.uid's might need to be something other than > ctx-> realcred->uid. Or not? > > Oh, so you're suggesting I use ctx->ecred instead? I didn't actually > notice the double declaration in the ckpt_ctx, but I guess that would > be better. No, I'm suggesting that the checkpointed application might have had tasks owned by uids 0, 3, 55, and 1001, and a.peercred.uid might have been 1001, right? current, ctx->realcred->uid, and ctx->ecred might all be different uids. I think you just need to checkpoint the uid (eventually an objref to a checkpointed user struct so we can also catch the user namespace). -serge -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists