Re: scope of cred_guard_mutex.

From: Kees Cook
Date: Fri Apr 07 2017 - 18:07:38 EST

Next message: Daniel Lezcano: "Re: [PATCH 1/3 RESEND] clocksource: Augment bindings for Faraday timer"
Previous message: Daniel Lezcano: "Re: [PATCH 1/3 RESEND] clocksource: Augment bindings for Faraday timer"
In reply to: Oleg Nesterov: "Re: scope of cred_guard_mutex."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 6, 2017 at 8:55 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> And this makes me think again that we need to restart this discusion with
> more CC's.

I'm a fan of that; I've not been able to follow this thread as it
seems to have gone far from the original deadlock problem. :) I've
seen issues with ptrace, zombies, and now exec. I'm lost. :P

>> Partly I object because your understanding and my understanding of
>> cred_guard_mutex are very different.
>>
>> As I read and understand the code the job of cred_guard_mutex is to keep
>> ptrace (and other threads of the proccess) from interferring in
>> exec and to ensure old resources are accessed with permission checks
>> using our original credentials and that new and modified resources are
>> accessed with permission checks using our new credentials.
>
> Yes, this is clear.

Maybe stupid idea: can we get a patch that just adds this kind of
documentation somewhere in the source? If we can agree on the purpose
of cred_guard_mutex, and get it into the code, that seems like a good
step in discussion...

-Kees

--
Kees Cook
Pixel Security

Next message: Daniel Lezcano: "Re: [PATCH 1/3 RESEND] clocksource: Augment bindings for Faraday timer"
Previous message: Daniel Lezcano: "Re: [PATCH 1/3 RESEND] clocksource: Augment bindings for Faraday timer"
In reply to: Oleg Nesterov: "Re: scope of cred_guard_mutex."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]