From: Michael Kerrisk <mtk-manpages@gmx.net>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Reset current->pdeath_signal on SUID binary execution
Date: Mon, 27 Aug 2007 17:32:50 +0200 [thread overview]
Message-ID: <46D2EEA2.6070501@gmx.net> (raw)
In-Reply-To: <1187857271.15402.20.camel@violet>
Marcel,
>> the attached patch fixes a flaw in the "parent process death signal"
>> when executing SUID binaries. An unprivileged user may send arbitrary
>> signal to a child process even if it is running with higher privileges.
>>
>> The idea to fix this issue is to reset pdeath_signal not only on fork,
>> but also on the execution of a SUID binary.
>>
>> Michael, if we fix it this way, then the prctl() manual page should
>> reflect that behavior.
>
> the patch has been merged into 2.4 and 2.6, so the manual page needs an
> update at some point.
I see your patch at:
http://article.gmane.org/gmane.linux.kernel/571635/match=pdeath%5fsignal+suid+binary+execution
But it's not clear to me in which 2.4.x and 2.6.x versions the change occurred (it isn't in 2.6.23-rc3 -- is it scheduled
for 2.6.23-rc4?). Can you enlighten me?
Cheers,
Michael
>> From comments it seems that we have to also reset pdeath_signal inside
>> LSM when it comes to capability-raised executes, but I must admit that I
>> got lost there.
>
> No further comments for this one? I am not familiar enough with it.
>
> Regards
>
> Marcel
>
>
--
Michael Kerrisk
maintainer of Linux man pages Sections 2, 3, 4, 5, and 7
Want to help with man page maintenance? Grab the latest tarball at
http://www.kernel.org/pub/linux/docs/manpages/
read the HOWTOHELP file and grep the source files for 'FIXME'.
next prev parent reply other threads:[~2007-08-27 15:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-17 19:47 [PATCH] Reset current->pdeath_signal on SUID binary execution Marcel Holtmann
2007-08-23 8:21 ` Marcel Holtmann
2007-08-27 15:32 ` Michael Kerrisk [this message]
2007-08-27 16:28 ` Linus Torvalds
2012-04-23 9:34 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46D2EEA2.6070501@gmx.net \
--to=mtk-manpages@gmx.net \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.