On Mon, Jan 23, 2012 at 8:56 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote: > On 01/18, Chris Evans wrote: >> >> Thanks, Oleg. Seems like this would be a nice change to have. As we >> can see, people do use ptrace() as a security technology. > > OK, I'll send it. > >> With this in place, you can also (where possible) set up the tracee >> with PR_SET_PDEATHSIG==SIGKILL. And then, you have defences again >> either of the tracer or tracee dying from a stray SIGKILL. > > This can only help if the tracer is the natural parent, is it enough? > > Indan suggested PTRACE_O_SIGKILL_ON_DEATH, perhaps it makes sense. Yeah, this takes care of all cases. One caveat I can think of with the implementation: in the parent exit() path, the child's SIGKILL needs to be delivered _before_ the tracer is detached. Otherwise it might feasible wake up and run for a bit :) Cheers Chris > > Oleg. > -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
