On 09/30, Kees Cook wrote:
>
> On Fri, Sep 30, 2016 at 6:44 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> > forgot to mention...
> >
> > On 09/30, Oleg Nesterov wrote:
> >>
> >> On 09/23, Jann Horn wrote:
> >> >
> >> > One reason for doing this is that it prevents an attacker from sending an
> >> > arbitrary signal to a parent process after performing 2^32-1 execve()
> >> > calls.
> >
> > No, sets ->exit_signal = SIGCHLD. So the only problem is that the parent
> > can do clone(SIGKILL), then do execve() 2^32-1 times, then it can be killed
> > by SIGKILL from the exiting child.
> >
> > Honestly, I do not think this is security problem.
>
> It's a corner case, to be sure. But even sending a SIGKILL across
> privilege boundaries should not be allowed to happen.

Agreed, and actually I need to take my words back, of course this is not
nice security-wise.

So let's kill these counters. At least they should not live in task_struct.

Oleg.