diff for duplicates of <20190510201032.GA253532@google.com> diff --git a/a/1.txt b/N1/1.txt index 86ab298..87e9f26 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -25,7 +25,7 @@ open /proc/self/maps anymore, or open /proc/self/fd/*, and things like that, without making itself dumpable. I would be surprised if there is no code out there that relies on that. ->From what I can tell, without the introspection special case, +From what I can tell, without the introspection special case, introspection would fail in the following cases (assuming that the process is not capable and isn't using sys_setfs[ug]id()): diff --git a/a/content_digest b/N1/content_digest index cab128e..42a430b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -55,7 +55,7 @@ "that, without making itself dumpable. I would be surprised if there is\n" "no code out there that relies on that.\n" "\n" - ">From what I can tell, without the introspection special case,\n" + "From what I can tell, without the introspection special case,\n" "introspection would fail in the following cases (assuming that the\n" "process is not capable and isn't using sys_setfs[ug]id()):\n" "\n" @@ -69,4 +69,4 @@ "since we don't have a clean slate, I'd be afraid of breaking things\n" with that. But maybe I'm just being overly careful here? -ad9e53997949b337e9dd358a54fe55ac0e6acd6dc8fc7fc4e44398b4c1239055 +8ec591bea67afcf97dd106e1f1f7453db81d6244de502adbea16104d51409209
diff --git a/a/1.txt b/N2/1.txt index 86ab298..09d5d8f 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -24,17 +24,3 @@ But this means, for example, that a non-root, non-dumpable process can't open /proc/self/maps anymore, or open /proc/self/fd/*, and things like that, without making itself dumpable. I would be surprised if there is no code out there that relies on that. - ->From what I can tell, without the introspection special case, -introspection would fail in the following cases (assuming that the -process is not capable and isn't using sys_setfs[ug]id()): - - - ruid/euid/suid are not all the same - - rgid/egid/sgid are not all the same - - process is not dumpable - -I think that there probably should be some way for a non-dumpable -process to look at its own procfs entries? If we could start from a -clean slate, I'd propose an opt-in flag to openat() for that, but -since we don't have a clean slate, I'd be afraid of breaking things -with that. But maybe I'm just being overly careful here? diff --git a/a/content_digest b/N2/content_digest index cab128e..87d1be9 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -25,7 +25,9 @@ Linus Torvalds <torvalds@linux-foundation.org> containers@lists.linux-foundation.org linux-fsdevel <linux-fsdevel@vger.kernel.org> - " Linux API <linux-api@vger.kernel.org>\0" + Linux API <linux-api@vger.kernel.org> + kernel list <linux-kernel@vger.kernel.org> + " linux-arch <linux-arch@vger.kernel.org>\0" "\00:1\0" "b\0" "On Tue, May 07, 2019 at 07:38:58PM -0500, Eric W. Biederman wrote:\n" @@ -53,20 +55,6 @@ "But this means, for example, that a non-root, non-dumpable process can't\n" "open /proc/self/maps anymore, or open /proc/self/fd/*, and things like\n" "that, without making itself dumpable. I would be surprised if there is\n" - "no code out there that relies on that.\n" - "\n" - ">From what I can tell, without the introspection special case,\n" - "introspection would fail in the following cases (assuming that the\n" - "process is not capable and isn't using sys_setfs[ug]id()):\n" - "\n" - " - ruid/euid/suid are not all the same\n" - " - rgid/egid/sgid are not all the same\n" - " - process is not dumpable\n" - "\n" - "I think that there probably should be some way for a non-dumpable\n" - "process to look at its own procfs entries? If we could start from a\n" - "clean slate, I'd propose an opt-in flag to openat() for that, but\n" - "since we don't have a clean slate, I'd be afraid of breaking things\n" - with that. But maybe I'm just being overly careful here? + no code out there that relies on that. -ad9e53997949b337e9dd358a54fe55ac0e6acd6dc8fc7fc4e44398b4c1239055 +6962a7568afcd5e4a441f7aa6bba76dae653cde93e5636f047c2194a00975a92
diff --git a/a/1.txt b/N3/1.txt index 86ab298..87e9f26 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -25,7 +25,7 @@ open /proc/self/maps anymore, or open /proc/self/fd/*, and things like that, without making itself dumpable. I would be surprised if there is no code out there that relies on that. ->From what I can tell, without the introspection special case, +From what I can tell, without the introspection special case, introspection would fail in the following cases (assuming that the process is not capable and isn't using sys_setfs[ug]id()): diff --git a/a/content_digest b/N3/content_digest index cab128e..d60b5fc 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -25,7 +25,9 @@ Linus Torvalds <torvalds@linux-foundation.org> containers@lists.linux-foundation.org linux-fsdevel <linux-fsdevel@vger.kernel.org> - " Linux API <linux-api@vger.kernel.org>\0" + Linux API <linux-api@vger.kernel.org> + kernel list <linux-kernel@vger.kernel.org> + " linux-arch <linux-arch@vger.kernel.org>\0" "\00:1\0" "b\0" "On Tue, May 07, 2019 at 07:38:58PM -0500, Eric W. Biederman wrote:\n" @@ -55,7 +57,7 @@ "that, without making itself dumpable. I would be surprised if there is\n" "no code out there that relies on that.\n" "\n" - ">From what I can tell, without the introspection special case,\n" + "From what I can tell, without the introspection special case,\n" "introspection would fail in the following cases (assuming that the\n" "process is not capable and isn't using sys_setfs[ug]id()):\n" "\n" @@ -69,4 +71,4 @@ "since we don't have a clean slate, I'd be afraid of breaking things\n" with that. But maybe I'm just being overly careful here? -ad9e53997949b337e9dd358a54fe55ac0e6acd6dc8fc7fc4e44398b4c1239055 +d8681717e4abcf7fc37ad3e869617e122dff891fe3086ebd9229c3074f8f7204
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.