Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 10 Jun 2014 17:01:52 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: musl 1.0.x branch

On Tue, Jun 10, 2014 at 08:19:40PM +0100, Laurent Bercot wrote:
> On 10/06/2014 18:37, Rich Felker wrote:
> >Sending the terminal fd over a socket with SCM_RIGHTS isn't
> >sufficient? If the privileged process has root, it should be able to
> >add itself to the process group of the client so that job control,
> >terminal signals, etc. work right.
> 
>  I may have missed something, but AFAICT, no, it cannot do that.
> 
>  From http://pubs.opengroup.org/onlinepubs/9699919799/functions/setpgid.html :
> 
>    setpgid() only allows the calling process to join a process group
>    already in use inside its session or create a new process group
>    whose process group ID was equal to its process ID.
> 
>  And I see nothing, not even setpgrp(), that could set the pgid to
> an arbitrary value.

It's really odd that they include that text only in the RATIONALE,
which is non-normative. Perhaps it's duplicated somewhere else? Note
that the part of the quote you cropped was (at the beginning) "To
provide tighter security," which suggests there's no reason this
condition would need to be applied to root, but maybe it is anyway.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.