Re: [PATCH] proc: allow killing processes via file descriptors

On Sun, Nov 18, 2018 at 01:28:41PM -0700, Andy Lutomirski wrote:
> 
> 
> > On Nov 18, 2018, at 12:44 PM, Daniel Colascione <dancol@xxxxxxxxxx> wrote:
> > 
> 
> > 
> > That is, I'm proposing an API that looks like this:
> > 
> > int process_kill(int procfs_dfd, int signo, const union sigval value)
> > 
> > If, later, process_kill were to *also* accept process-capability FDs,
> > nothing would break.
> 
> Except that this makes it ambiguous to the caller as to whether their current creds are considered.  So it would need to be a different syscall or at least a flag.  Otherwise a lot of those nice theoretical properties go away.

I can add a flag argument:
int process_signal(int procfs_dfd, int signo, siginfo_t *info, int flags)
The way I see it, process_signal() should be equivalent to kill(pid, signal) for now.
That is, siginfo_t is cleared and set to:

info.si_signo = sig;
info.si_errno = 0;
info.si_code = SI_USER;
info.si_pid = task_tgid_vnr(current);
info.si_uid = from_kuid_munged(current_user_ns(), current_uid());

> 
> > Yes, that's what I have in mind. A siginfo_t is small enough that we
> > could just store it as a blob allocated off the procfs inode or
> > something like that without bothering with a shmfs file. You'd be able
> > to read(2) the exit status as many times as you wanted.
> 
> I think that, if the syscall in question is read(2), then it should work *once* per struct file.  Otherwise running cat on the file would behave very oddly.
> 
> Read and poll have the same problem as write: we can’t check caps in read or poll either.
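
What a receiver observes for the two signatures discussed above, as an added example that is not part of the original message or of any kernel patch: kill(2) produces the SI_USER fields listed in the reply, while sigqueue(3) carries a union sigval payload like the proposed process_kill(). The helper name send_and_collect and the payload value 42 are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: send SIGUSR1 to ourselves with kill(2)
 * (use_queue == 0) or sigqueue(3) (use_queue != 0, carrying `payload`)
 * and collect the siginfo_t that is delivered. Returns 0 on success. */
static int send_and_collect(int use_queue, int payload, siginfo_t *out)
{
    sigset_t set, old;
    struct timespec timeout = { .tv_sec = 2, .tv_nsec = 0 };
    union sigval value = { .sival_int = payload };
    int rc;

    sigemptyset(&set);
    sigaddset(&set, SIGUSR1);
    /* Block the signal so it stays pending until we fetch it below. */
    if (sigprocmask(SIG_BLOCK, &set, &old) != 0)
        return -1;

    rc = use_queue ? sigqueue(getpid(), SIGUSR1, value)
                   : kill(getpid(), SIGUSR1);
    if (rc == 0) {
        memset(out, 0, sizeof(*out));
        /* Dequeue the pending signal together with its siginfo_t. */
        rc = (sigtimedwait(&set, out, &timeout) == SIGUSR1) ? 0 : -1;
    }
    sigprocmask(SIG_SETMASK, &old, NULL);
    return rc;
}

int main(void)
{
    siginfo_t a, b;

    if (send_and_collect(0, 0, &a) || send_and_collect(1, 42, &b))
        return 1;
    printf("kill:     si_code=%d (SI_USER=%d) si_pid=%d si_uid=%d\n",
           a.si_code, SI_USER, (int)a.si_pid, (int)a.si_uid);
    printf("sigqueue: si_code=%d (SI_QUEUE=%d) si_value=%d\n",
           b.si_code, SI_QUEUE, b.si_value.sival_int);
    return 0;
}
```

For kill(2) the kernel fills in si_pid and si_uid itself, so a receiver that sees si_code == SI_USER can attribute the signal to that sender.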


