Re: [PATCH] exit: PR_SET_ANCHOR for marking processes as reapers for child processes

From: Lennart Poettering
Date: Fri Mar 05 2010 - 19:16:53 EST


On Thu, 04.03.10 15:08, Oleg Nesterov (oleg@xxxxxxxxxx) wrote:

> Should we clear ->child_anchor flags when the "sub-init" execs? Or,
> at least, when the task changes its credentials? Probably not, but
> dunno.

Since this flag is only useful for a very well defined type of processes
(i.e. session managers, supervising daemons, init systems) it might make
sense to reset it automatically when privs are dropped or we exec
something. After all, I don't see how we'd gain any useful functionality
when we allow this flag to continue to be set. However we would
certainly be on the safer side when we reset it, because that way it can
never leak to processes that are differently privileged or do not
expect it.

So, for the sake of being on the safe side, I think we should reset the
flag on exec()/setuid().

> It is a bit strange that PR_SET_ANCHOR acts per-thread, not per
> process.

Yes, I agree, this should be per-process indeed.

Lennart

--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/ GnuPG 0x1A015CC4