Date: Sun, 11 Mar 2012 19:20:07 +0100
From: Oleg Nesterov <>
To: Solar Designer <>
Cc: Linus Torvalds <>,
        Djalal Harouni <>,
        Andrew Morton <>,
        Al Viro <>,
        Alexey Dobriyan <>,
        "Eric W. Biederman" <>,
        Vasiliy Kulikov <>,
        Kees Cook <>,
        WANG Cong <>,
        James Morris <>,
        Alan Cox <>,
        Greg KH <>, Ingo Molnar <>,
        Stephen Wilson <>,
        "Jason A. Donenfeld" <>
Subject: Re: exec_id protection from bad child exit signals (was: Re:
	[PATCH 0/9] proc: protect /proc/<pid>/* files across execve)

On 03/11, Solar Designer wrote:
> Actually, the original/historical purpose of the exec_id stuff was to
> protect privileged parent processes (those having done a SUID/SGID exec)
> from non-standard child exit signals, which could be set with clone().
> I think we may want to audit the current implementation and see if it
> still fully achieves the goal or maybe not (and fix it if not).

Funny that, I noticed this message only after I sent the question about
the current exec_id stuff.

> I include below pieces of the prototype implementation from
> linux-2.2.12-ow6.tar.gz released in 1999.

Perhaps I missed something, but ignoring the "cap_raised" issues, this
all is very simple. de_thread() should simply do:

	current->exit_signal = SIGCHLD;

	list_for_each_entry(p, &current->children, sibling)
		p->exit_signal = SIGCHLD;

The only problem is CLONE_PARENT.

