On Fri, May 08, 2020 at 01:47:10PM -0500, Eric W. Biederman wrote:
>
> Move the handling of the point of no return from search_binary_handler
> into __do_execve_file so that it is easier to find, and to keep
> things robust in the face of change.
>
> Make it clear that an existing fatal signal will take precedence over
> a forced SIGSEGV by not forcing SIGSEGV if a fatal signal is already
> pending. This does not change the behavior but it saves a reader
> of the code the tedium of reading and understanding force_sig
> and the signal delivery code.
>
> Update the comment in begin_new_exec about where SIGSEGV is forced.
>
> Keep point_of_no_return from being a mystery by documenting
> what the code is doing where it forces SIGSEGV if the
> code is past the point of no return.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

I had to read the code around these changes a bit carefully, but yeah,
this looks like a safe cleanup. It is a behavioral change, though (in
that it unmasks non-SEGV fatal signals), so I do wonder if something
somewhere might notice this, but I'd agree that it's the more robust
behavior.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook