From: Solar Designer <solar@openwall.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Sergey Vlasov <vsu@altlinux.ru>,
Linus Torvalds <torvalds@osdl.org>,
vendor-sec@lst.de, linux-kernel@vger.kernel.org,
security@linux.kernel.org
Subject: Re: PID reuse safety for userspace apps (Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio)
Date: Wed, 28 Sep 2005 01:03:31 +0400 [thread overview]
Message-ID: <20050927210331.GA4879@openwall.com> (raw)
In-Reply-To: <1127853252.10674.9.camel@localhost.localdomain>
Perhaps I should have dropped the old Subject completely, despite the
topic I brought up being related to what was discussed. I am talking
about PID reuse related issues in userspace apps that appear to require
an additional kernel interface to be resolved.
On Tue, Sep 27, 2005 at 09:34:11PM +0100, Alan Cox wrote:
> On Maw, 2005-09-27 at 21:20 +0400, Solar Designer wrote:
> > The idea is to introduce a kernel call (it can be a prctl(2) setting,
> > although my pseudo-code "defines" an entire syscall for simplicity)
> > which would "lock" the invoking process' view of a given PID (while
> > letting the PID get reused - so there's no added risk of DoS).
>
> You can solve it just as well in kernel space without application
> changes.
Not really. For example, the kernel currently has no idea, and no
reliable way to find out, that killall(1) has taken note of a PID and is
about to kill it.
> Given a refcounted structure something like
>
> struct pidref {
> atomic_t ref;
> struct pidref *next, *prev;
> pid_t pid;
> };
>
> and a hash you can take a pid reference whenever you hang onto a pid in
> kernel space and check what should be a tiny if not empty hash in the
> normal cases whenever you allocate a pid.
That would work for certain in-kernel issues.
If we would let userspace apps lock PIDs like that, there would be added
DoS risk that would need to be dealt with (e.g., by letting a process
lock only one other PID - provided that the PID space is sufficiently
large that having a half of it locked is not a problem). But I do not
see a reason to go for that complexity. My proposal avoids it.
(A hash table could be used along with my proposal as well to speed
things up, but it would not affect _allocation_ of PIDs. Rather, only
the "locking" process's view would be affected by the "lock".)
--
Alexander
next prev parent reply other threads:[~2005-09-27 21:04 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-25 15:13 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio Harald Welte
2005-09-27 8:04 ` [vendor-sec] " Greg KH
2005-09-27 9:13 ` Greg KH
[not found] ` <20050927110319.GD1980@piware.de>
2005-09-27 12:22 ` [vendor-sec] " Greg KH
2005-09-27 12:48 ` [vendor-sec] " Christoph Hellwig
2005-09-27 12:57 ` Greg KH
2005-09-27 12:59 ` Christoph Hellwig
2005-09-27 13:09 ` Greg KH
2005-09-27 15:27 ` David Brownell
2005-09-27 14:53 ` [Security] " Linus Torvalds
2005-09-27 16:00 ` [linux-usb-devel] " Sergey Vlasov
2005-09-27 16:09 ` Linus Torvalds
2005-09-27 16:52 ` Sergey Vlasov
2005-09-27 17:02 ` Linus Torvalds
2005-09-30 10:47 ` Harald Welte
2005-09-30 14:56 ` Linus Torvalds
2005-09-30 18:44 ` Chris Wright
2005-09-30 19:27 ` Linus Torvalds
2005-09-30 20:38 ` Chris Wright
2005-09-30 22:08 ` Harald Welte
2005-09-30 22:16 ` Linus Torvalds
2005-10-10 17:44 ` Harald Welte
2005-10-10 18:07 ` Chris Wright
2005-10-11 9:45 ` Harald Welte
2005-10-11 23:10 ` [vendor-sec] " Greg KH
2005-10-11 23:44 ` Linus Torvalds
2005-10-12 7:24 ` Harald Welte
2005-10-13 5:51 ` Horms
2005-10-11 13:57 ` Bernd Petrovitsch
2005-10-10 18:19 ` Linus Torvalds
2005-10-10 22:47 ` Chris Wright
2005-10-10 20:03 ` [linux-usb-devel] " Alan Stern
2005-10-11 8:28 ` Harald Welte
2005-10-11 17:37 ` Paul Jackson
2005-10-11 17:58 ` linux-os (Dick Johnson)
2005-10-11 19:13 ` Alan Stern
2005-10-11 20:02 ` [Security] " Alan Cox
2005-09-27 17:20 ` PID reuse safety for userspace apps (Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio) Solar Designer
2005-09-27 20:34 ` Alan Cox
2005-09-27 20:42 ` Linus Torvalds
2005-09-27 21:16 ` Solar Designer
2005-09-27 21:03 ` Solar Designer [this message]
2005-09-27 16:58 ` [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio Alan Cox
2005-09-27 16:59 ` Linus Torvalds
2005-09-27 20:35 ` Alan Cox
2005-10-13 23:00 ` Pete Zaitcev
2005-10-13 23:16 ` Linus Torvalds
2005-10-13 23:56 ` Pete Zaitcev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050927210331.GA4879@openwall.com \
--to=solar@openwall.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=security@linux.kernel.org \
--cc=torvalds@osdl.org \
--cc=vendor-sec@lst.de \
--cc=vsu@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox