> > Concept: a child should be able to create siblings (children of its
> > parent) if the parent lets it.
> >
> > clone() now has two new flags:
> > CLONE_PPIDOK : resulting child may create siblings
> > CLONE_PPID : resulting child should be a sibling
> Why do we need PPIDOK? What's the issue that I'm overlooking which
> makes it matter if a child can create siblings without the parent's
> okay? (lets ignore moral issues here and concentrate on security ones
> :-)
There may be code out there which gets confused on receiving a SIGCLD
for (or wait()ing on) a child which it doesn't remember creating.
Potentially confusing existing code is a security issue.
> If there is a security issue here which I've overlooked, do we need a
> mechanism for clearing the PPIDOK flag? Perhaps on exec()?
I haven't looked at the code, but it should (IMO) be cleared on exec
and on fork()s and clone()s which don't specify either of the new flags.
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/