Message-ID: <alpine.LSU.2.01.1003042352220.27392@obet.zrqbmnf.qr>
Date: Thu, 4 Mar 2010 23:55:14 +0100 (CET)
From: Jan Engelhardt <jengelh@...ozas.de>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
cc: "Serge E. Hallyn" <serue@...ibm.com>,
    Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>,
    Pavel Emelyanov <xemul@...allels.com>,
    Linux Netdev List <netdev@...r.kernel.org>,
    containers@...ts.linux-foundation.org,
    Netfilter Development Mailinglist <netfilter-devel@...r.kernel.org>,
    Ben Greear <greearb@...delatech.com>
Subject: Re: [RFC][PATCH] ns: Syscalls for better namespace sharing control.

On Thursday 2010-03-04 22:45, Eric W. Biederman wrote:
>
>So an unshare of the pid namespace that doesn't really take effect
>until we fork may actually be usable from pam, and in fact is probably
>the preferred implementation.  It looks like neither openssh nor login
>from util-linux-ng will cope properly with getting any pid back from
>wait() except the pid of their child.

Correct; I can tell from experience with pam_mount. GDM for example
is very unhappy if you fork/exit processes in PAM modules and don't
hide the fact by bending SIGCHLD from gdm_handler to mypam_handler
(which itself is racy, suppose GDM re-set the SIGCHLD handler midway
through).

(In this particular case however, I'd prefer if login programs like
GDM just ignored any PIDs they did not spawn in the first place
instead of moaning around.)
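
The reaping behaviour discussed in the message above, as an added example that is not part of the original post and not code from GDM, openssh, util-linux-ng or pam_mount: a parent records the PIDs it forks itself and, when waitpid() returns a PID it does not know, reaps it and otherwise ignores it. All names (spawn_child, claim, reap_all, MAX_OWN) are hypothetical, and the untracked child only stands in for a helper forked by a PAM module.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_OWN 16
static pid_t own[MAX_OWN];   /* PIDs this program forked itself */
static int n_own;

/* Fork a child that exits at once. track=1: our own child; track=0: stands
 * in for a helper forked behind our back (e.g. by a PAM module). */
static pid_t spawn_child(int exit_code, int track) {
    pid_t pid = fork();
    if (pid == 0) _exit(exit_code);
    if (pid > 0 && track && n_own < MAX_OWN) own[n_own++] = pid;
    return pid;
}

/* Remove pid from the table; returns 1 if it was one of ours. */
static int claim(pid_t pid) {
    for (int i = 0; i < n_own; i++)
        if (own[i] == pid) { own[i] = own[--n_own]; return 1; }
    return 0;
}

/* Reap until no children remain. Returns how many of our own children were
 * handled; *foreign counts PIDs that were reaped and otherwise ignored. */
static int reap_all(int *foreign) {
    int mine = 0;
    *foreign = 0;
    for (;;) {
        pid_t pid = waitpid(-1, NULL, 0);
        if (pid < 0 && errno == EINTR) continue;  /* interrupted, retry */
        if (pid <= 0) break;                      /* ECHILD: none left */
        if (claim(pid)) mine++;      /* our child: normal exit handling */
        else (*foreign)++;           /* unknown PID: reap it, do not complain */
    }
    return mine;
}

int main(void) {
    int foreign;
    spawn_child(0, 1);               /* the session process we started */
    spawn_child(3, 0);               /* constructed "foreign" child */
    int mine = reap_all(&foreign);
    printf("own=%d foreign=%d\n", mine, foreign);
    return 0;
}
```

Reaping synchronously in the main flow, rather than from a SIGCHLD handler, avoids depending on which handler happens to be installed at the time.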