Re: [PATCH 03/26] signal: Do not perform permission checks when sending pdeath_signal

From: Linus Torvalds
Date: Tue Jun 06 2017 - 16:01:46 EST


On Tue, Jun 6, 2017 at 12:03 PM, Eric W. Biederman
<ebiederm@xxxxxxxxxxxx> wrote:
>
> As this is more permissive there is no chance anything will break.

Actually, I do worry about the security issues here.

The thing is, the parent may be some system daemon that wants to catch
SIGCHLD, but we've used prctl and changed pdeath_signal to something
else (like SIGSEGV or something).

Do we really want to be able to kill a system daemon that we couldn't
use kill() on directly, just because that system daemon spawned us?

So I think those permission checks may actually be a good idea.
Although possibly they should be in prctl()..

Linus