* Potential security problem in patch: Fix reading /proc/<pid>/mem when parent dies.
[not found] <200411181704.iAIH4SSb023079@hera.kernel.org>
@ 2004-11-18 23:27 ` Alan Cox
2004-11-19 0:52 ` Linus Torvalds
0 siblings, 1 reply; 3+ messages in thread
From: Alan Cox @ 2004-11-18 23:27 UTC (permalink / raw)
To: Linux Kernel Mailing List, torvalds
On Iau, 2004-11-18 at 16:01, Linux Kernel Mailing List wrote:
> ChangeSet 1.2155, 2004/11/18 08:01:00-08:00, torvalds@ppc970.osdl.org
>
> Fix reading /proc/<pid>/mem when parent dies.
>
> We should not touch "self_exec_id" here. The parent changed,
> not we.
The original point of this was that if our parent changed then our new
parent is not aware of our special status. As a result we can send
random signals to init and since it does not see SIGCLD we can get
zombies or worse when we exit.
The original code was correct here for protecting init. The side effect
does need fixing but not this way. Perhaps it would be simpler just to
protect init as it is already "special" for signal handling.
Alan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Potential security problem in patch: Fix reading /proc/<pid>/mem when parent dies.
2004-11-19 0:52 ` Linus Torvalds
@ 2004-11-19 0:00 ` Alan Cox
0 siblings, 0 replies; 3+ messages in thread
From: Alan Cox @ 2004-11-19 0:00 UTC (permalink / raw)
To: Linus Torvalds; +Cc: Linux Kernel Mailing List
On Gwe, 2004-11-19 at 00:52, Linus Torvalds wrote:
> How could we send random signals? That's what the "exit_signal" thing is
> for, and the code does
>
> if (p->exit_signal != -1)
> p->exit_signal = SIGCHLD;
>
> for that.
>
> Is there any other way to set exit_signal afterwards? If so, I think we
> should have a security check at _that_ point.
Ok that makes sense now I look harder at it. While it was added to
protect agains that case the code you quote already covers all the cases
I can see. We can clone new threads but they too will get reparented or
will simply kill us.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Potential security problem in patch: Fix reading /proc/<pid>/mem when parent dies.
2004-11-18 23:27 ` Potential security problem in patch: Fix reading /proc/<pid>/mem when parent dies Alan Cox
@ 2004-11-19 0:52 ` Linus Torvalds
2004-11-19 0:00 ` Alan Cox
0 siblings, 1 reply; 3+ messages in thread
From: Linus Torvalds @ 2004-11-19 0:52 UTC (permalink / raw)
To: Alan Cox; +Cc: Linux Kernel Mailing List
On Thu, 18 Nov 2004, Alan Cox wrote:
>
> The original point of this was that if our parent changed then our new
> parent is not aware of our special status. As a result we can send
> random signals to init and since it does not see SIGCLD we can get
> zombies or worse when we exit.
How could we send random signals? That's what the "exit_signal" thing is
for, and the code does
if (p->exit_signal != -1)
p->exit_signal = SIGCHLD;
for that.
Is there any other way to set exit_signal afterwards? If so, I think we
should have a security check at _that_ point.
Linus
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-11-19 1:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200411181704.iAIH4SSb023079@hera.kernel.org>
2004-11-18 23:27 ` Potential security problem in patch: Fix reading /proc/<pid>/mem when parent dies Alan Cox
2004-11-19 0:52 ` Linus Torvalds
2004-11-19 0:00 ` Alan Cox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox