Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Oct 2020 18:24:45 +0300
From: Alexey Izbyshev <>
Subject: Re: Calling setxid() in a vfork()-child

On 2020-10-13 05:47, Markus Wichmann wrote:
> If dropping privileges is all you want, then posix_spawn() has a flag
> for that. And if you are foregoing portability anyway by doing anything
> between vfork() and execve(), might as well use clone() and do it
> properly.
What do you mean by "do it properly"? Unless you mean doing syscalls, it 
seems that I'd have the same issues with clone() (with CLONE_VFORK, 
since I'm trying to avoid copying of page tables) as I do with vfork(). 
Namely, I'd still have to care about signals, and I wouldn't be able to 
safely call setxid() (and, frankly, anything else from a C library if we 
want a solution that's, while being Linux-specific, still portable 
across C libraries).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.