Another daemon for managing control groups
Another daemon for managing control groups
Posted Dec 14, 2013 12:48 UTC (Sat) by kleptog (subscriber, #1183)In reply to: Another daemon for managing control groups by Cyberax
Parent article: Another daemon for managing control groups
Is it just me, or is this example flawed:
Let's discuss a very simple SUID program - good old 'ping' utility. A user should be able to watch live its output, so some kind of shim utility should be used to transfer standard FDs to the DBUS service. This shim must also be running all the time while the DBUS ping service is running.Pressing Ctrl-C is different from sending a SIGINT. Namely, when you press Ctrl-C, the kernel sends a SIGINT to anything using that terminal. I imagine the shim would pass through all necessary file descriptors and hence CTRL-C will work fine.So far so good. But now I want to stop the service, so I press Ctrl-C. And nothing happens, unless the shim captures this signal and somehow communicates it to the DBUS service (oh, and don't forget to authenticate the transmission).
Would it be weird if you were allowed to Ctrl-C a process, but not be allowed to send it a signal from another terminal?
(Hmm, ping drops back to the normal user after opening the socket, does that mean another process could ptrace it and get access to the socket that way? ptrace block it now, but it is something to consider)