Re: [PATCH] kernel: introduce prctl(PR_LOG_UACCESS)
From: Steven Rostedt
Date: Wed Sep 22 2021 - 15:22:59 EST
On Wed, 22 Sep 2021 19:46:47 +0200
David Hildenbrand <david@xxxxxxxxxx> wrote:
> > All signals except SIGKILL and SIGSTOP are masked for the interval
> > between the prctl() and the next syscall in order to prevent handlers
> > for intervening asynchronous signals from issuing syscalls that may
> > cause uaccesses from the wrong syscall to be logged.
>
> Stupid question: can this be exploited from user space to effectively
> disable SIGKILL for a long time ... and do we care?
I first misread it too, but then caught my mistake reading it a second
time. It says "except SIGKILL". So no, it does not disable SIGKILL.
-- Steve