Notify special task kill using wait* functions
Valdis Kl=?utf-8?Q?=c4=93?=tnieks
valdis.kletnieks at vt.edu
Fri Apr 9 19:28:20 EDT 2021
On Fri, 09 Apr 2021 08:06:21 -0700, Andi Kleen said:
> Thinking more about it what I wrote above wasn't quite right. The cache
> would only need to be as big as the number of attackable services/suid
> binaries. Presumably on many production systems that's rather small,
> so a cache (which wouldn't actually be a cache, but a complete database)
> might actually work.
You also need to consider non-suid things called by suid things that don't
sanitize input sufficiently before invocation...
Thinking about at - is it really a good thing to try to do this in kernelspace?
Or is 'echo 1 > /proc/sys/kernel/print-fatal-signals' and a program to watch
the dmesg and take action more appropriate? A userspace monitor would
have more options (though a slightly higher risk of race conditions).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20210409/e654f0bf/attachment.sig>
More information about the Kernelnewbies
mailing list