Date: Tue, 13 Oct 2020 18:24:45 +0300 From: Alexey Izbyshev <izbyshev@...ras.ru> To: musl@...ts.openwall.com Subject: Re: Calling setxid() in a vfork()-child On 2020-10-13 05:47, Markus Wichmann wrote: > If dropping privileges is all you want, then posix_spawn() has a flag > for that. And if you are foregoing portability anyway by doing anything > between vfork() and execve(), might as well use clone() and do it > properly. > What do you mean by "do it properly"? Unless you mean doing syscalls, it seems that I'd have the same issues with clone() (with CLONE_VFORK, since I'm trying to avoid copying of page tables) as I do with vfork(). Namely, I'd still have to care about signals, and I wouldn't be able to safely call setxid() (and, frankly, anything else from a C library if we want a solution that's, while being Linux-specific, still portable across C libraries).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.