Notify special task kill using wait* functions

Valdis Kl=?utf-8?Q?=c4=93?=tnieks valdis.kletnieks at
Fri Apr 9 19:28:20 EDT 2021

On Fri, 09 Apr 2021 08:06:21 -0700, Andi Kleen said:

> Thinking more about it what I wrote above wasn't quite right. The cache
> would only need to be as big as the number of attackable services/suid
> binaries. Presumably on many production systems that's rather small,
> so a cache (which wouldn't actually be a cache, but a complete database)
> might actually work.

You also need to consider non-suid things called by suid things that don't
sanitize input sufficiently before invocation...

Thinking about at - is it really a good thing to try to do this in kernelspace?
Or is 'echo 1 > /proc/sys/kernel/print-fatal-signals' and a program to watch
the dmesg and take action more appropriate?  A userspace monitor would
have more options (though a slightly higher risk of race conditions).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <>

More information about the Kernelnewbies mailing list