From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.5 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF202C433B4 for ; Sat, 3 Apr 2021 21:34:25 +0000 (UTC) Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4756961262 for ; Sat, 3 Apr 2021 21:34:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4756961262 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=vt.edu Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernelnewbies-bounces@kernelnewbies.org Received: from localhost ([::1] helo=shelob.surriel.com) by shelob.surriel.com with esmtp (Exim 4.94) (envelope-from ) id 1lSnuD-0004nt-2S; Sat, 03 Apr 2021 17:34:09 -0400 Received: from mail-qk1-x72d.google.com ([2607:f8b0:4864:20::72d]) by shelob.surriel.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94) (envelope-from ) id 1lSnu8-0004nl-H5 for kernelnewbies@kernelnewbies.org; Sat, 03 Apr 2021 17:34:05 -0400 Received: by mail-qk1-x72d.google.com with SMTP id c4so8309153qkg.3 for ; Sat, 03 Apr 2021 14:34:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vt-edu.20150623.gappssmtp.com; s=20150623; h=sender:from:to:cc:subject:in-reply-to:references:mime-version :content-transfer-encoding:date:message-id; bh=n6p2RwnCqA0OSiCfWjXC4hwdMfW0Udh7S378D4Mm3uk=; b=MzgBl7rLUZUEE0HgGUwFgxrac25INlM0KO5UiU3vJje1npxeLemLU89DeuDKoe7pHN RQ1G7kgMCHQiU4F8yR6HcFY6lPmfZoCgTo9+wa4NLVS0m6U9LMIRqAGU8NUMk9j7zPlz 89+LIF0rOJgBjCnAIisFFz+i636t8wDiWwb2GwdJisjKCo5b1VemKa31eIDL+MMXhl+k QPn5/JoaTD4UjhAa2hQSUCp3smqiH+2JBUcHDgnD5O975o2SPTLfxw0mf+u7VlNjScB+ ZA5+XrDlMI6unCh4DPTxI6ECuLKW2/BQBGgEQqP7yA1IuzCFogj6OijMX1S5+v5UZd7o FsRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:in-reply-to:references :mime-version:content-transfer-encoding:date:message-id; bh=n6p2RwnCqA0OSiCfWjXC4hwdMfW0Udh7S378D4Mm3uk=; b=SGvhRP2jB2B/Ar1JC/CckSU9DZSie2BY1fJvn0IXWLTDYo6rbgLGNbikKKrCvFNvHf BU0GEPXzdjwyI6R4xC0ZW6kbQK8/6dMCSMyaL2axk8N8OBOKTzGDP3FeeXRoCwotgSkU WF0yN3mL0KaUco0yGKMq2HhFeS56StKRaCvSd+/aY03fnXvqC3/2UZ7BEJkxuMiK5HIt InmHxgIPl/xpNebNNFWTmbCjvacDj6wrCamkmeqRF8CiOcWmHK9PEbOT9zygb8AWi5cY n+VdT//cM0i2MNpXpaemI6PAOXpYJZ5kV/2XP03lysRbEEVmiykl/mOBJxbVccpURN4r Jblg== X-Gm-Message-State: AOAM532tMgA/PpI6rqq8h6+NeLK7+AZ/88tLc4zVpUVwH3TFuwie/vBz n4hNZV844T8fekhtGHSv/sB5fg== X-Google-Smtp-Source: ABdhPJywQ8sTEFPcj/KZ05BO4D3cYptBn9+dtPCT3AyhIYWm72sjnl6kfeJGImSYnvvsX3eoNv3Gqw== X-Received: by 2002:a37:6491:: with SMTP id y139mr18592866qkb.483.1617485642518; Sat, 03 Apr 2021 14:34:02 -0700 (PDT) Received: from turing-police ([2601:5c0:c380:d61::359]) by smtp.gmail.com with ESMTPSA id o125sm10101892qkf.87.2021.04.03.14.34.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 03 Apr 2021 14:34:01 -0700 (PDT) From: "Valdis Kl=?utf-8?Q?=c4=93?=tnieks" X-Google-Original-From: "Valdis Kl=?utf-8?Q?=c4=93?=tnieks" X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7+dev To: John Wood Subject: Re: Notify special task kill using wait* functions In-Reply-To: <20210403070226.GA3002@ubuntu> References: <20210330173459.GA3163@ubuntu> <79804.1617129638@turing-police> <20210402124932.GA3012@ubuntu> <106842.1617421818@turing-police> <20210403070226.GA3002@ubuntu> Mime-Version: 1.0 Date: Sat, 03 Apr 2021 17:34:01 -0400 Message-ID: <145687.1617485641@turing-police> Cc: kernelnewbies@kernelnewbies.org X-BeenThere: kernelnewbies@kernelnewbies.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Learn about the Linux kernel List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============7122724883622284434==" Errors-To: kernelnewbies-bounces@kernelnewbies.org --===============7122724883622284434== Content-Type: multipart/signed; boundary="==_Exmh_1617485640_94693P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit --==_Exmh_1617485640_94693P Content-Type: text/plain; charset=us-ascii On Sat, 03 Apr 2021 09:02:26 +0200, John Wood said: > Currently, the scenario you propose is fully mitigated :). And notifying to > userspace that all the tasks has been killed by "Brute" not decrease the > security. It adds the possibility that the supervisor adopts the correct policy. So how do you figure out how far up the chain you kill processes? What does a triple or quadruple fork do? How do you ensure that you deliver the notification to the correct supervisor? (Hint - walking backwards until you hit a process running as root isn't necessarily the right answer, especially once you consider containers and systems where gdm runs as non-root and other weird stuff..) Bonus points if you deal correctly with abuse of LD_PRELOAD to front-end a signal handler that catches SIGSEGV, without breaking the semantics of legitimate signal handlers... --==_Exmh_1617485640_94693P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Comment: Exmh version 2.9.0 11/07/2018 iQIVAwUBYGjfSAdmEQWDXROgAQIABA/9HSexvlgsFiC1MhiHFwVQSjkL7lWurwhd DgX7sgEH8nPOYciSA1IudBh1CfJlgGf4woEs6aB8yAO4+wVLe4MYMCb4L2/7KLZq umZRAtTkzYd5mrm/xoxHA5N6MemO8TOUCb5n8NT2GplLbHlYCyJsL+vnT4buXd8K acnP87Vn6Ms3K15eKMNuQ6hErUX3w+qoBz18RxRuHuy7pYBuCYo/zvFkOjFONZ81 Pnutk14ZF6ZX9bsd++GIFc06mKfQUS8TirBrQishJcwsAHU/0sj2Io86yigoKJmt rnHY3qH1zUPucKXQ8OvHR/Zb4g9KvkB9Bn2x2DgoIGwmrpTvFrqsny6SNLrXjuTs AbyBqwDDpRk4ADSVd+6MJKgQEzYzfu6jwKpxcLmqkhFhSztafeBYrlqohQVdxijd NYWiyKtXUJfza4HJQn11V9upoUMv4STm+AnoVqILBHGEZXgW3WdA1ZT07hBboEzd WltQ7ZHp5bMV1q+8Kz/zN3ALy9TSa9i49o23F3ueEE7HVamE9Qv84L5ZpjLHf06E InXvOu21x3vFi6VzDx6zr20m19uzDNu5lq5oFARcPxnDop1ozusdnUnj75gr/edl Og1U8WSCfT/aH95+qKBqb1EHCAbUFTyIJNoakfI8hh/bZAOlqw2Q1lVWHT6yRBtV aSFns/sazBA= =1tlW -----END PGP SIGNATURE----- --==_Exmh_1617485640_94693P-- --===============7122724883622284434== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies --===============7122724883622284434==--