Re: [PATCH v2 0/5] pid: add pidfd_open()

From: Yann Droneaud
Date: Mon Apr 01 2019 - 04:47:28 EST


Hi,

On Monday 01 April 2019 at 02:52 +0200, Jann Horn wrote:

> One minor detail to keep in mind for the future is that in a
> straightforward implementation of this concept, if a non-capable
> process is running in a mount namespace, but in the initial network
> namespace, without any reachable /proc mount, it will be able to look
> at information about other processes' network connections by first
> using pidfd_open() on itself or by using clone(CLONE_PIDFD), then
> looking at the "net" directory under the resulting file descriptor.

I also think it would punch a hole in chroot() ... (but in 2019, nobody
should rely on it for security purposes).

Regards.

--
Yann Droneaud
OPTEYA
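The concern quoted above can be probed on a running kernel with the following C program, an added example that is not from the thread or from the patch series: it opens a pidfd for the calling process only, as the quoted message describes, and then tries to use that pidfd as a directory fd to reach "net". It assumes pidfd_open() exists (Linux 5.3 and later, syscall number 434); where the syscall is missing or blocked it reports that rather than guessing. A pidfd that is really a /proc/<pid> directory handle lets openat() descend; an opaque pidfd fails with ENOTDIR, which is the behaviour a defender wants to confirm.

```c
/* Added example (not from the patch series or the thread): probe whether a
 * pidfd can be used as a directory handle into /proc/<pid>, which is the
 * information leak described in the quoted message. Assumes Linux >= 5.3
 * for pidfd_open(2); elsewhere the probe reports "unavailable". */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434 /* same number on every architecture since 5.3 */
#endif
long syscall(long number, ...); /* explicit prototype in case headers hide it */
#endif

enum pidfd_probe {
    PIDFD_PROBE_UNAVAILABLE = -1, /* pidfd_open() failed (ENOSYS, EPERM, ...) */
    PIDFD_PROBE_OPAQUE = 0,       /* pidfd is not traversable: no /proc leak */
    PIDFD_PROBE_EXPOSES_DIR = 1   /* openat(pidfd, "net") worked: leak present */
};

/* Open a pidfd referring to the calling process itself, so no other
 * process is involved in the probe. */
static int open_self_pidfd(void)
{
#ifdef __linux__
    return (int)syscall(SYS_pidfd_open, (long)getpid(), 0L);
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Try to use the pidfd as a dirfd. If the pidfd is really /proc/<pid>,
 * openat() descends into "net"; an opaque pidfd fails with ENOTDIR. */
int pidfd_exposes_proc_dir(void)
{
    int pidfd = open_self_pidfd();
    if (pidfd < 0)
        return PIDFD_PROBE_UNAVAILABLE;

    int netfd = openat(pidfd, "net", O_RDONLY | O_DIRECTORY);
    int saved = errno;
    close(pidfd);
    if (netfd < 0) {
        errno = saved;
        return PIDFD_PROBE_OPAQUE;
    }
    close(netfd);
    return PIDFD_PROBE_EXPOSES_DIR;
}

/* Whether a procfs mount is reachable at all: the situation the quoted
 * message contrasts the pidfd path against ("without any reachable /proc"). */
int proc_self_reachable(void)
{
    return access("/proc/self/net", F_OK) == 0;
}

int main(void)
{
    int r = pidfd_exposes_proc_dir();
    printf("/proc reachable:   %s\n", proc_self_reachable() ? "yes" : "no");
    switch (r) {
    case PIDFD_PROBE_EXPOSES_DIR:
        printf("pidfd -> \"net\":    openable (pidfd acts as /proc/<pid>)\n");
        break;
    case PIDFD_PROBE_OPAQUE:
        printf("pidfd -> \"net\":    refused (%s)\n", strerror(errno));
        break;
    default:
        printf("pidfd_open():      unavailable (%s)\n", strerror(errno));
    }
    return 0;
}
```

Run it once outside and once inside a mount namespace that has no procfs mounted: the first line shows whether /proc is reachable, the second whether the pidfd offers an alternative route to the "net" directory independently of that. On a kernel whose pidfds are opaque the second line reads "refused (Not a directory)" in both cases.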