Re: Security modules and sending signals within the same process

On 11/30/18 10:14 AM, Florian Weimer wrote:
> Is it guaranteed that tasks in the same thread group can always send
> signals to each other, irrespective of their respective credentials
> structs?
>
> It's not clear to me whether this is always possible based on the
> security_task_kill implementations I've examined.
>
> I want to support per-thread setresuid/setresgid, but we also use
> signals for inter-thread communication.  This is mainly for thread
> cancellation; the setxgid stuff isn't needed for threads with private
> credentials.  I wonder if I need to disable cancellation for threads
> with such credentials.

(fixed selinux list address, which moved to vger)

Looks like commit 065add3941bd ("signals: check_kill_permission(): don't check creds if same_thread_group()") skipped the uid-based checks if the sender and target were in the same thread group, but not the security hook call. One could argue that the security hook call ought to be skipped in that case as well using the same rationale given in that commit. Nothing appears to guarantee the property you state above for security_task_kill implementations, although none of the in-tree users are based on uids or gids so setresuid/setresgid shouldn't affect them.
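
A user-space probe for the question discussed above, added here as an example and not code from either poster or from the kernel: a worker thread changes only its own uids with the raw `setresuid` syscall, then sends signal 0 to the main thread with `tgkill`, so only the permission path runs. The uid 65534 and all names are assumptions; without the privilege to change uids the probe still runs, but with matching credentials.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#define PROBE_UID 65534 /* assumption: conventional "nobody" uid */

struct probe {
    pid_t main_tid;   /* target thread, keeps the original credentials */
    uid_t main_euid;  /* euid of the target thread */
    int creds_differ; /* 1 if the worker ended up with a different euid */
    int kill_errno;   /* 0 if the kernel allowed the signal */
};

static void *worker(void *arg)
{
    struct probe *p = arg;
    /* Raw syscall: changes this thread only (the glibc wrapper would change
     * every thread). Failure is tolerated; creds_differ records the outcome. */
    (void)syscall(SYS_setresuid, PROBE_UID, PROBE_UID, PROBE_UID);
    p->creds_differ = (uid_t)syscall(SYS_geteuid) != p->main_euid;
    /* Signal 0 runs the permission check without delivering anything. */
    long rc = syscall(SYS_tgkill, getpid(), p->main_tid, 0);
    p->kill_errno = rc == 0 ? 0 : errno;
    return NULL;
}

/* Returns 0 if the worker was allowed to signal the main thread, an errno
 * value if it was refused, or -1 if the probe itself could not run. */
int probe_same_group_signal(struct probe *p)
{
    pthread_t t;
    p->main_tid = (pid_t)syscall(SYS_gettid);
    p->main_euid = geteuid();
    if (pthread_create(&t, NULL, worker, p) != 0 || pthread_join(t, NULL) != 0)
        return -1;
    return p->kill_errno;
}

int main(void)
{
    struct probe p = {0};
    int rc = probe_same_group_signal(&p);
    printf("creds differ: %d, tgkill(sig 0): %s\n",
           p.creds_differ, rc == 0 ? "allowed" : "refused");
    return rc != 0;
}
```

On a kernel that contains the commit named above, an `EPERM` result with `creds_differ` set would come from a `security_task_kill` implementation rather than from the uid-based checks.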
