On Mon, Oct 21, 2002 at 05:16:27PM +0100, Alan Cox wrote:
> On Mon, 2002-10-21 at 15:54, Daniel Jacobowitz wrote:
> > On Mon, Oct 21, 2002 at 03:29:33PM +0100, Alan Cox wrote:
> > > On Thu, 2002-10-17 at 17:40, Daniel Jacobowitz wrote:
> > > > My only problem with this is that you're waiting for all threads by
> > > > SIGKILLing them. If a process vforks or clones, and then the child
> > > > crashes, the parent will receive a SIGKILL - iff we are dumping core.
> > > > That's a change in behavior that seems a bit too arbitrary to me.
> > >
> > > It also has a security impact when you construct a fork/fork/crash
> > > sequence that sends sigkill to the module loader or a kernel thread
> > > during start up that has not yet dropped its association with the user
> > > code.
> >
> > Why? It's not like userspace couldn't send that SIGKILL on its own,
> > right? If it's still killable it had better be safe to do so.
>
> The kernel side isnt, the signal handling isnt always "normal". Its the
> extreme case of the problem not the general one. Fixing the vfork/clone
> crash is doable, and one approach would be to solve the problem by
> saying "if you claim to be a thread group with the new style flags you
> get to be killed as a group and dumped as a group", with old stuff
> behaving like it always did before.
Which is what I'm trying to avoid... most of the world isn't using
CLONE_THREAD yet.
-- Daniel Jacobowitz MontaVista Software Debian GNU/Linux Developer - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:54 EST