From: Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
	Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
	Pavel Emelianov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH] Masquerade sender information
Date: Fri, 02 Nov 2007 15:05:48 +0100
Message-ID: <472B2EBC.3010504@fr.ibm.com>
In-Reply-To: <m1mytxewb0.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>

Eric W. Biederman wrote:
> sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org writes:
> 
>> +static void masquerade_sender(struct task_struct *t, struct sigqueue *q)
>> +{
>> +       /*
>> +        * If the sender does not have a pid_t in the receiver's active
>> +        * pid namespace, set si_pid to 0 and pretend signal originated
>> +        * from the kernel.
>> +        */
>> +       if (!pid_ns_equal(t)) {
>> +               q->info.si_pid = 0;
>> +               q->info.si_uid = 0;
>> +               q->info.si_code = SI_KERNEL;
>> +       }
>> +}
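Review bot: the store `q->info.si_code = SI_KERNEL` inside the `if` runs whatever the original si_code was, so a user-sent signal from another pid namespace reaches the receiver labelled as kernel-generated, and a receiver that relies on si_code to tell the two apart will misclassify it. Consider leaving si_code untouched and zeroing si_pid/si_uid only for the si_code values whose siginfo layout actually holds those fields. Separately, `pid_ns_equal(t)` is passed only the receiver; a comment saying what it is compared against would make the check reviewable from this hunk alone.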
> 
> It looks like we are hooked in the right place.  However the way we
> are handling this appears wrong.
> 
> First.  If we have an si_code that does not use si_pid then we should
> not be changing si_pid, because the structure is a union and that field
> is not always a pid value.
> 
> 
> My gut feel says the code should be something like:
> 
> switch (q->info.si_code & __SI_MASK) {
> case __SI_KILL:
> case __SI_CHILD:
> case __SI_RT:
> case __SI_MESGQ:
>        q->info.si_pid = task_pid_nr_ns(current, t->nsproxy->pid_ns);
>        break;
> }

IMHO, it should be 

	q->info.si_pid = 0;

We're trying to cover the case where the sender does not have a pid_t in 
the receiver's active pid namespace.

C.
