Cook: security things in Linux v5.1
Kees Cook reviews
the security-related enhancements in the 5.1 kernel release.
"Now /proc/$pid can be opened and used as an argument for sending
signals with the new pidfd_send_signal() syscall. This handle will only
refer to the original process at the time the open() happened, and not to
any later 'reused' pid if the process dies and a new process is assigned
the same pid. Using this method, it’s now possible to racelessly send
signals to exactly the intended process without having to worry about pid
reuse. (BTW, this commit wins the 2019 award for Most Well Documented
Commit Log Justification.)"
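
The behaviour described in the quote, as an added example that is not from Kees Cook's post or the kernel commit: a parent opens `/proc/<pid>` for a child it forked, signals it through that handle, and confirms that the same handle reports `ESRCH` once the child has been reaped, instead of reaching whatever process later gets that pid. It assumes Linux 5.1 or later with `/proc` mounted; `send_via_handle` and `pidfd_demo` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424 /* x86-64, arm64 and most other arches */
#endif

/* Thin wrapper around the raw syscall: no siginfo, no flags. */
static int send_via_handle(int procfd, int sig)
{
    return (int)syscall(SYS_pidfd_send_signal, procfd, sig, NULL, 0);
}

/* Returns 0 if the handle behaves as described, -errno if a call failed,
 * 1 if the child did not die from SIGKILL, 2 if the stale handle did not
 * report ESRCH. */
int pidfd_demo(void)
{
    char path[32];
    int status, procfd = -1, ret = 0;
    pid_t child = fork();

    if (child < 0)
        return -errno;
    if (child == 0) { /* constructed target: a child that only sleeps */
        pause();
        _exit(0);
    }
    snprintf(path, sizeof(path), "/proc/%d", (int)child);
    procfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (procfd < 0) ret = -errno;
    /* Signal 0 checks that the process exists without delivering anything. */
    if (ret == 0 && send_via_handle(procfd, 0) < 0) ret = -errno;
    if (ret == 0 && send_via_handle(procfd, SIGKILL) < 0) ret = -errno;
    if (ret != 0) kill(child, SIGKILL); /* safe: pid is pinned until reaped */
    waitpid(child, &status, 0);
    if (ret == 0 && !(WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)) ret = 1;
    /* After the reap the pid may be recycled; the handle must not follow it. */
    if (ret == 0 && !(send_via_handle(procfd, 0) == -1 && errno == ESRCH)) ret = 2;
    if (procfd >= 0) close(procfd);
    return ret;
}

int main(void) { int r = pidfd_demo(); printf("pidfd_demo: %d\n", r); return r != 0; }
```

A negative return such as `-ENOSYS` means the running kernel or a sandbox policy does not provide the syscall, not that the handle misbehaved.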