
Rethinking race-free process signaling

Posted Apr 7, 2019 16:12 UTC (Sun) by luto (subscriber, #39314)
In reply to: Rethinking race-free process signaling by jkowalski
Parent article: Rethinking race-free process signaling

Capabilities to do things to processes are a great model, and they make sense on Windows, L4-like microkernels, and many other systems. They’re rather busted on POSIX, though, since a process can execute a setuid program or an LSM-labeled program and gain privilege.


Rethinking race-free process signaling

Posted Apr 7, 2019 19:31 UTC (Sun) by jkowalski (guest, #131304)

... which is why if you want to do this with pidfds, you really want CAP_KILL on the part of the opener (or cloning entity) in the owning userns.

You could also make it available to things with NNP set, and when cloning children, the PRIV_KILL, then pass it around, send signals. All these checks happen when the flag is used during pidfd_open or clonefd or whatever.

Do you see other cases where it could be a problem?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds