ebiederm at xmission.com (Eric W. Biederman) writes: > > Close. Our ultimate goal is to make it so that when you talk within > the kernel you use a struct pid not a pid_t value. Attacking the > cached pid_t values is merely a way finding those places. > > So fixing thing like the pid_t value passed as credentials in unix domain > sockets is a lot more important than fixing any use of process_session > that just goes to user space. > > The reason it is important is because different processes may be in different > pid namespaces and raw pid_t values just won't make sense while struct pid > references are pid namespace independent. The other reason for preferring a struct pid form is that it avoids unnecessary hash table lookups, that we get processing pid in pid_t form. Eric
