From: Oleg Nesterov <oleg@redhat.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Brad Spengler <spender@grsecurity.net>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Colin Walters <walters@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: PATCH? fix unshare(NEWPID) && vfork()
Date: Mon, 19 Aug 2013 20:33:19 +0200 [thread overview]
Message-ID: <20130819183319.GA24846@redhat.com> (raw)
In-Reply-To: <CALCETrW+dEwR38ERQhx25-aw1dhsCE6X+9BQZJhusO88aUxN1A@mail.gmail.com>
On 08/19, Andy Lutomirski wrote:
>
> On Mon, Aug 19, 2013 at 10:25 AM, Oleg Nesterov <oleg@redhat.com> wrote:
> > Hello.
> >
> > Colin reports that vfork() doesn't work after unshare(PIDNS). The
> > reason is trivial, copy_process() does:
> >
> > /*
> > * If the new process will be in a different pid namespace
> > * don't allow the creation of threads.
> > */
> > if ((clone_flags & (CLONE_VM|CLONE_NEWPID)) &&
> > (task_active_pid_ns(current) != current->nsproxy->pid_ns))
> > return ERR_PTR(-EINVAL);
> >
> > and CLONE_VM obviously nacks vfork(). So perhaps we can relax
> > this check to CLONE_THREAD? Or should we really nack CLONE_VM
> > by security reasons?
> >
> > OTOH. Perhaps we should also deny CLONE_PARENT in this case?
> >
> > In short. So far I am thinking about the patch below but I got
> > lost and totally confused. Will try to think more tomorrow, but
> > I would like to see the fix from someone who still understands
> > this all.
> >
> > Oleg.
>
> By way of (partial) explanation:
>
> http://marc.info/?l=linux-kernel&m=135545831607095
Thanks... too late for me to even try to read this discussion today.
and I am a bit confused,
> (tl;dr: I think that CLONE_VM is irrelevant here, but there may be
> other issues lurking around.)
So do you think this change is fine or not (ignoring the fact it needs
cleanups) ?
Oleg.
next prev parent reply other threads:[~2013-08-19 18:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-19 17:25 PATCH? fix unshare(NEWPID) && vfork() Oleg Nesterov
2013-08-19 17:46 ` Linus Torvalds
2013-08-19 17:51 ` Oleg Nesterov
2013-08-19 18:10 ` Andy Lutomirski
2013-08-19 18:33 ` Oleg Nesterov [this message]
2013-08-19 18:40 ` Andy Lutomirski
2013-08-19 18:43 ` Oleg Nesterov
2013-08-20 17:55 ` Eric W. Biederman
2013-08-20 18:45 ` Oleg Nesterov
2013-08-20 20:52 ` Eric W. Biederman
2013-08-21 16:35 ` Oleg Nesterov
2013-08-22 16:47 ` Oleg Nesterov
2013-08-20 17:59 ` Andy Lutomirski
2013-08-20 18:50 ` Oleg Nesterov
2013-08-20 19:00 ` Andy Lutomirski
2013-08-20 19:05 ` Oleg Nesterov
2013-08-20 19:13 ` Andy Lutomirski
2013-08-20 19:23 ` Oleg Nesterov
2013-08-20 19:38 ` Andy Lutomirski
2013-08-21 12:24 ` Oleg Nesterov
2013-08-20 20:25 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130819183319.GA24846@redhat.com \
--to=oleg@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=spender@grsecurity.net \
--cc=torvalds@linux-foundation.org \
--cc=walters@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.