On Sat, Mar 30, 2019 at 9:47 PM Jann Horn <jannh@xxxxxxxxxx> wrote:
>
> Sure, given a pidfd_clone() syscall, as long as the parent of the
> process is giving you a pidfd for it and you don't have to deal with
> grandchildren created by fork() calls outside your control, that
> works.

Don't do pidfd_clone() and pidfd_wait().

Both of those existing system calls already get a "flags" argument. Just make a WPIDFD (for waitid) and CLONE_PIDFD (for clone) bit, and make the existing system calls just take/return a pidfd.

Side note: we could (should?) also make the default maxpid just be larger. It needs to fit in an 'int', but MAXINT instead of 65535 would likely already make a lot of these attacks harder.

There was some really old legacy reason why we actually limited it to 65535 originally. It was old and crufty even back when..

           Linus
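The flag-bit design sketched in this message is what later landed in mainline: CLONE_PIDFD for clone() in Linux 5.2, and a pidfd idtype for waitid() in 5.4 (spelled P_PIDFD rather than WPIDFD). The program below is an added example written for this page, not code from the thread or from the kernel tree. It assumes a Linux 5.4 or newer kernel and glibc's clone() wrapper; the two ABI constants are spelled out so it also compiles against older headers. The security point it exercises is that the parent never has to touch the child's numeric pid: the pidfd is handed back at clone time and reaping goes through waitid(P_PIDFD, ...), so there is no window in which the pid could be recycled to an unrelated process between the child exiting and the parent acting on it (the reuse window a larger pid_max only shrinks, never removes).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Kernel ABI values, spelled out so the file compiles against older headers. */
#ifndef CLONE_PIDFD
#define CLONE_PIDFD 0x00001000   /* clone(2): hand back a pidfd for the child, Linux >= 5.2 */
#endif
#define IDTYPE_PIDFD 3           /* waitid(2) idtype P_PIDFD, Linux >= 5.4 */

#define CHILD_STACK_SIZE (64 * 1024)

/* Body of the child: exit with the status the parent will look for.
 * Returning from the clone() child function is equivalent to _exit(). */
static int child_fn(void *arg)
{
    return *(int *)arg;
}

/* Spawn a child with clone() and have the kernel hand back a pidfd.
 * With CLONE_PIDFD the descriptor is written to the parent_tid slot
 * (the fifth argument of glibc's clone()). Returns the child's pid or
 * -errno; the pidfd is returned through *pidfd_out. */
static pid_t spawn_with_pidfd(int exit_status, int *pidfd_out)
{
    char *stack = malloc(CHILD_STACK_SIZE);
    if (!stack)
        return -ENOMEM;

    int pidfd = -1;
    /* The stack grows downwards on every architecture glibc's clone() supports. */
    pid_t pid = clone(child_fn, stack + CHILD_STACK_SIZE,
                      CLONE_PIDFD | SIGCHLD, &exit_status, &pidfd);
    int saved_errno = errno;

    /* Without CLONE_VM the child runs on its own copy of the address space,
     * so the parent's copy of the stack can be released straight away. */
    free(stack);
    if (pid < 0)
        return -saved_errno;

    *pidfd_out = pidfd;
    return pid;
}

/* Reap the child through its pidfd rather than its numeric pid. The
 * descriptor stays bound to this one process for its whole lifetime,
 * so a recycled pid can never be mistaken for the child. */
static int wait_on_pidfd(int pidfd)
{
    siginfo_t info;
    memset(&info, 0, sizeof info);
    if (waitid((idtype_t)IDTYPE_PIDFD, (id_t)pidfd, &info, WEXITED) < 0)
        return -errno;
    return info.si_code == CLD_EXITED ? info.si_status : -1;
}

/* Full round trip: spawn, wait via the pidfd, return the child's exit status.
 * Returns -errno when the running kernel lacks CLONE_PIDFD or P_PIDFD. */
int pidfd_round_trip(int exit_status)
{
    int pidfd = -1;
    pid_t pid = spawn_with_pidfd(exit_status, &pidfd);
    if (pid < 0)
        return (int)pid;

    int status = wait_on_pidfd(pidfd);
    close(pidfd);
    return status;
}

int main(void)
{
    int status = pidfd_round_trip(42);
    if (status < 0) {
        fprintf(stderr, "pidfd round trip failed: %s\n", strerror(-status));
        return 1;
    }
    printf("child exited with status %d, reaped through its pidfd\n", status);
    return 0;
}
```

Compile with `cc -Wall -o pidfd_demo pidfd_demo.c` and run on a 5.4+ kernel; on a 5.2 or 5.3 kernel the clone succeeds but waitid() returns EINVAL, and on anything older the clone itself fails with EINVAL, which the program reports rather than falling back to a pid-based wait.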