Re: [RFC][PATCH v2 5/5] signal: Don't allow accessing signal_struct by old threads after exec

2017-04-06 Thread Oleg Nesterov
On 04/05, Eric W. Biederman wrote: > > Oleg Nesterov writes: > > >> --- a/kernel/signal.c > >> +++ b/kernel/signal.c > >> @@ -995,6 +995,10 @@ static int __send_signal(int sig, struct siginfo > >> *info, struct task_struct *t, > >>from_ancestor_ns || (info ==

Re: [RFC][PATCH v2 5/5] signal: Don't allow accessing signal_struct by old threads after exec

2017-04-05 Thread Eric W. Biederman
Oleg Nesterov writes:
> On 04/02, Eric W. Biederman wrote:
>>
>> Add exec_id to signal_struct and compare it at a few choice moments.
>
> I really dislike this change no matter what, sorry.
>
> Firstly, task_struct->*_exec_id should simply die (I already have the
> patch), or at least they

Re: [RFC][PATCH v2 5/5] signal: Don't allow accessing signal_struct by old threads after exec

2017-04-05 Thread Oleg Nesterov
On 04/02, Eric W. Biederman wrote:
>
> Add exec_id to signal_struct and compare it at a few choice moments.

I really dislike this change no matter what, sorry.

Firstly, task_struct->*_exec_id should simply die (I already have the patch), or at least they should be moved into signal_struct simply

[RFC][PATCH v2 5/5] signal: Don't allow accessing signal_struct by old threads after exec

2017-04-02 Thread Eric W. Biederman
Add exec_id to signal_struct and compare it at a few choice moments. I believe this closes the security holes that letting the zombie threads linger after exec opens up. The problem is that old threads may have different creds after a setuid exec, and then formerly shared resources may change.