Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes: > On Tue, Jun 6, 2017 at 12:03 PM, Eric W. Biederman > <ebiederm@xxxxxxxxxxxx> wrote: >> >> As this is more permisssive there is no chance anything will break. > > Actually, I do worry about the security issues here. > > The thing is, the parent may be some system daemon that wants to catch > SIGCHLD, but we've used prctl and changed pdeath_signal to something > else (like SIGSEGV or something). > > Do we really want to be able to kill a system daemon that we couldn't > use kill() on directly, just because that system daemon spawned us? > > So I think those permission checks may actually be a good idea. > Although possibly they should be in prctl().. To be clear. pdeath signal is the signal we receive when our parent dies. It is the parent death signal. AKA when the system daemon (or whatever is dies) what signal does the child process that called the prctl get? There is no chance of killing the system daemon that spawned us, as the signal only gets sent to ourselves. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
