On Tue, Apr 28, 2020 at 12:08 PM Oleg Nesterov <[email protected]> wrote:
>
> Oops. I can update that old patch but somehow I thought there is a better
> plan which I don't yet understand...

I don't think any plan survived reality.

Unless we want to do something *really* hacky.. The attached patch is
not meant to be serious.

> And, IIRC, Jan had some ideas how to rework the new creds calculation in
> execve paths to avoid the cred_guard_mutex deadlock?

I'm not sure how you'd do that.

Execve() fundamentally needs to serialize with PTRACE_ATTACH somehow,
since the whole point is that "tsk->ptrace" changes how the
credentials are interpreted.

So PTRACE_ATTACH doesn't really _change_ the credentials, but it very
much changes what execve() will do with them.

But I guess we could do a "if somebody attached to us while we did the
execve(), just repeat the whole thing"

Jann, what was your clever idea? Maybe it got lost in the long thread..

               Linus

Attachment: patch
Description: Binary data
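
Added example, not part of this message or of the attached patch: a single-threaded userspace C model of the "if somebody attached to us while we did the execve(), just repeat the whole thing" idea. The struct, the `attach_seq` counter and all function names are hypothetical, and the model ignores the privileged-tracer case.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model; these are not kernel structures. */
struct task_model {
    unsigned ptrace;     /* non-zero while a tracer is attached */
    unsigned attach_seq; /* hypothetical counter, bumped on every attach */
    unsigned uid, euid;
};

static void model_attach(struct task_model *t)
{
    t->ptrace = 1;
    t->attach_seq++;
}

/* The same file credentials are interpreted differently once traced:
 * in this model a traced task never gains the set-uid owner's euid. */
static unsigned pick_euid(const struct task_model *t, bool setuid, unsigned owner)
{
    return (setuid && !t->ptrace) ? owner : t->euid;
}

/* Exec of a file. 'racer' (may be NULL) runs once in the window between
 * computing and committing the new euid, standing in for a concurrent
 * attach. Returns how many passes the exec needed. */
static int model_exec(struct task_model *t, bool setuid, unsigned owner,
                      void (*racer)(struct task_model *))
{
    int passes = 0;
    for (;;) {
        unsigned seq = t->attach_seq;
        unsigned new_euid = pick_euid(t, setuid, owner);
        passes++;
        if (racer) { racer(t); racer = NULL; }
        if (t->attach_seq != seq)
            continue;       /* somebody attached: repeat the whole thing */
        t->euid = new_euid; /* check + commit assumed atomic vs. attach */
        return passes;
    }
}

int main(void)
{
    struct task_model t = { 0, 0, 1000, 1000 };
    int passes = model_exec(&t, true, 0, model_attach);
    printf("passes=%d euid=%u\n", passes, t.euid);
    return 0;
}
```

The first pass computes the elevated euid, the attach invalidates it, and the second pass commits the unelevated one.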
