On 02/16, Christian Brauner wrote:
>
> On Wed, Feb 14, 2024 at 01:36:56PM +0100, Oleg Nesterov wrote:
> >
> > and I am not sure that task_pid(current) == pid should allow
> > the "arbitrary signals" if PIDFD_SIGNAL_PROCESS_GROUP.
> >
> > Perhaps
> >
> > 	/* Only allow sending arbitrary signals to yourself. */
> > 	ret = -EPERM;
> > 	if ((task_pid(current) != pid || type == PIDTYPE_PGID) &&
> > 	    (kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL)
> > 		goto err;
>
> Honestly, we should probably just do:
>
> if (kinfo->si_code != SI_USER)
> 	goto err

Hmm. This doesn't look right. The purpose of the current check is to
forbid SI_TKILL and si_code >= 0, and SI_USER == 0.

SI_USER means that the target can trust the values of si_pid/si_uid
in siginfo.

> +		if (kinfo.si_code != SI_USER)
> 			goto err;

See above...

Oleg.
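Review bot: in the quoted `+` line, `if (kinfo.si_code != SI_USER) goto err;` rejects every si_code except SI_USER, which inverts the check it replaces: that check forbids SI_TKILL and si_code >= 0, and SI_USER == 0 falls inside the forbidden range. Since SI_USER tells the target that si_pid/si_uid in siginfo can be trusted, accepting it here lets through the one value the existing check is meant to stop. Suggest keeping the `kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL` condition and, for the PIDFD_SIGNAL_PROCESS_GROUP case, extending the sender test with `type == PIDTYPE_PGID` as proposed earlier in the thread.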