Hi Pavan...

On Thu, Sep 2, 2010 at 22:09, Pavan Savoy <pavan_savoy@xxxxxxxx> wrote:
> Hi,
>
> I use kill_pid in one of our drivers to signal a user-space daemon to
> perform a particular action (open-UART for instance), I recently ran
> into problems with permissions as to when a user with stranger UID
> started to open up a device, which internally calls the kill_pid in that
> context, could not send the signal and returned with "permission
> denied".

Hmm.... what if you create a char device, make the daemon select() on
this file...and through this char file, you send the necessary
command? What do you think?

Or you stay with signal...but directly manipulate the sigset (signal
set, the structure that represents the queue of the signal on a certain
task_struct IIRC). Forgot which functions do that..so try to explore it.

> I started using kill_pid_info_as_uid and sent signals as UID 0 to
> solve the problem, it did solve the problem, but is this the right
> approach?

In the sense of simplicity, I say "yes, you can do it that way". But when
you think about security, I don't think it's wise. Just think..what
happens if it's a malicious program that sends an unexpected pattern, thus
triggering a "crazy" command on the target daemon? Or at least, that
means anybody could send any command to the daemon. Do you really
really believe you can trust *any* user in the system?

> Also why is it not suggested to use kill_pid and family to communicate
> with user-space? (namespace issues??- what do they mean?)

Namespace? ok..in short words, it's like "realm". We have PID
namespaces, meaning an array of PIDs in certain realms. You use virtual
machines sometimes, right? Virtual machines create "pid" too, it's just
it's not a real PID like the one that represents a task in the real host.

Filesystem namespace.....perhaps confusing too....you ever use chroot?
That's a good example...you leave one root based filesystem (ones that
are mounted in /etc/fstab and all of your manual mount commands)...and
switch into a chrooted filesystem.

Spell it slowly..."name"...."space"... space of names....
dimension...realm...you call it ;)

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
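
The char-device suggestion from the reply above, seen from the daemon's side, as an added example that is not part of the original message or of any driver discussed in it: the daemon select()s on the device node and acts only on allow-listed command bytes. The one-byte command set, the names cmd_is_valid and wait_for_cmd, and the path /dev/example_ctl are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical one-byte command set (assumption, not from the thread). */
enum cmd { CMD_OPEN_UART = 1, CMD_CLOSE_UART = 2 };

/* Allowlist: unknown bytes are rejected instead of being acted on. */
static int cmd_is_valid(unsigned char c)
{
    return c == CMD_OPEN_UART || c == CMD_CLOSE_UART;
}

/* Wait up to timeout_ms for one command byte on fd. Returns the command (> 0),
 * 0 on timeout, -1 on error or EOF, -2 for a byte that is not an allowed command. */
int wait_for_cmd(int fd, int timeout_ms)
{
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    unsigned char c;
    fd_set rfds;
    int rc;

    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    do {   /* re-arm the set if a signal interrupts select() */
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0)
        return rc;   /* 0 = timeout, -1 = select() failed */
    if (read(fd, &c, 1) != 1)
        return -1;   /* EOF or read error */
    return cmd_is_valid(c) ? (int)c : -2;
}

int main(void)
{
    /* Hypothetical device node; its owner and mode decide who may open it. */
    int fd = open("/dev/example_ctl", O_RDONLY);
    int rc;
    if (fd < 0) { perror("open"); return 1; }
    while ((rc = wait_for_cmd(fd, 1000)) != -1)
        printf("wait_for_cmd() = %d\n", rc);
    close(fd);
    return 0;
}
```

For select() to work on a character device, the driver has to implement the poll file operation; here a pipe or any other readable descriptor can stand in for the device when trying the function out.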