Re: [PATCH] kernel/signal: Signal-based pre-coredump notification

From: Enke Chen
Date: Mon Oct 15 2018 - 14:39:44 EST


Hi, Christian:

As I replied to Jann, I will remove the code that does the setting on others
to make the code simpler and more secure.

Thanks. -- Enke

>> +static bool set_predump_signal_perm(struct task_struct *p)
>> +{
>> + const struct cred *cred = current_cred(), *pcred = __task_cred(p);
>> +
>> + return uid_eq(pcred->uid, cred->euid) ||
>> + uid_eq(pcred->euid, cred->euid) ||
>> + capable(CAP_SYS_ADMIN);
>
> So before proceeding I'd like to discuss at least two points:
> - how does this interact with the dumpability of a process?
> - do we need the capable(CAP_SYS_ADMIN) restriction to init_user_ns?
> Seems we could make this work per-user-ns just like
> PRCTL_SET_PDEATHSIG does?
>
>> +}
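Review bot: __task_cred(p) in the first line of set_predump_signal_perm() is used without rcu_read_lock() being taken anywhere in this function, and __task_cred() requires the caller to hold the RCU read lock for as long as pcred is dereferenced. Either take rcu_read_lock()/rcu_read_unlock() around the uid_eq() comparisons here, or add a comment stating that every caller must already hold it. A short comment on the intended permission model would also help, since only cred->euid is compared against pcred->uid and pcred->euid, and the capable(CAP_SYS_ADMIN) fallback is not explained.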