Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 2 Feb 2021 09:23:54 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Andy Lutomirski' <luto@...nel.org>, "Jason A. Donenfeld"
	<Jason@...c4.com>
CC: Kernel Hardening <kernel-hardening@...ts.openwall.com>, LKML
	<linux-kernel@...r.kernel.org>, Jann Horn <jann@...jh.net>, Christian Brauner
	<christian.brauner@...onical.com>
Subject: RE: forkat(int pidfd), execveat(int pidfd), other awful things?

From: Andy Lutomirski
> Sent: 01 February 2021 18:30
...
> 2. A sane process creation API.  It would be delightful to be able to
> create a fully-specified process without forking.  This might end up
> being a fairly complicated project, though -- there are a lot of
> inherited process properties to be enumerated.

Since you are going to (eventually) load in a program image
have to do several system calls to create the process isn't
likely to be a problem.
So using separate calls for each property isn't really an issue
and solves the horrid problem of the API structure.

So you could create an embryonic process that inherits a lot
of stuff from the current process, the do actions that
sort out the fds, argv, namespace etc.
Finally running the new program.

It would probably make implement posix_spawn() easier.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.