RFC: Enforcing process hierarchies (`prctl` related)

Ciprian Dorin Craciun ciprian.craciun at gmail.com
Fri Aug 24 15:13:08 EDT 2012


On Fri, Aug 24, 2012 at 9:19 PM, Irina Stanescu <ironmissy at gmail.com> wrote:
> Hi!
>
> Search for process groups [1] and the setsid/getgid functions [2]. Having
> processes in the same process group will allow you to kill them based on
> their process group ids with killpg [3]. Hope this helps.


    I know about this functionality -- I've pointed to them myself in
the "Existing primitives" section -- but unfortunately they don't fit
the bill because they aren't "enforceable", they are kind of
"informative", as any process could easily just change its group and
thus escape control.

    I'm trying to reach a solution where a "normal" process wouldn't
be able to escape such a supervision. By "normal" process I mean one
that doesn't use a vulnerability in the operating system or have
elevated privileges.

    But if you mentioned the process group functionality, maybe there
is a workaround to "enforce" the `setpgid` usage, that is by using the
latest `seccomp` filtering solution. One idea is for the controller
process to start a new process group and then forbid its children
from using the `setpgid` (and friends) syscall.


