
Completing the pidfd API


Posted Jul 30, 2019 9:21 UTC (Tue) by cyphar (subscriber, #110703)
In reply to: Completing the pidfd API by ale2018
Parent article: Completing the pidfd API

We need to be very careful about adding read()/write() support to control-related fds -- because you can always spawn a setuid program with a different set of stdio fds and potentially trick it into reading/writing something that was not intended to the control fd (and if the permission checks aren't done on open()-time then you have just created a security bug).

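The hazard cyphar describes above, as an added illustration that is not from the thread or from the kernel: a small userspace model of a "control handle" in C, written with constructed credentials and a constructed target rather than real pidfd code. Design A checks permissions on every write against whoever currently holds the handle; Design B decides once at open time, against the opener, and records the result in the handle. When the handle is inherited by a more privileged process (the setuid-with-redirected-stdio case), only Design B refuses the write.

```c
/* Added example (not from the LWN thread or the kernel): a userspace model of
 * the two places a "control handle" can check permissions.  Checking at every
 * read()/write() against the *current* holder's credentials is unsafe when the
 * handle can be inherited across a privilege boundary (e.g. as stdin of a
 * setuid program); checking once at open() against the opener's credentials
 * and recording the result in the handle is not.  All types here are
 * constructed for the demo. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed credentials model: root or the owner of the target may control it. */
typedef struct { uint32_t uid; } cred_t;
typedef struct { uint32_t owner_uid; int state; } target_t;

typedef struct {
    target_t *target;
    bool may_write;   /* decided at open time from the opener's credentials */
} handle_t;

static bool cred_may_control(const cred_t *c, const target_t *t)
{
    return c->uid == 0 || c->uid == t->owner_uid;
}

/* Design A (unsafe): open hands out the handle unconditionally and each write
 * re-checks whoever currently holds it. */
static handle_t open_checked_late(target_t *t)
{
    handle_t h = { .target = t, .may_write = true };
    return h;
}

static int write_checked_late(handle_t *h, const cred_t *current, int cmd)
{
    if (!cred_may_control(current, h->target))
        return -1;          /* EPERM */
    h->target->state = cmd;
    return 0;
}

/* Design B (safe): the permission decision is made once at open time, against
 * the opener, and carried in the handle regardless of who holds it later. */
static handle_t open_checked_early(target_t *t, const cred_t *opener)
{
    handle_t h = { .target = t, .may_write = cred_may_control(opener, t) };
    return h;
}

static int write_checked_early(handle_t *h, int cmd)
{
    if (!h->may_write)
        return -1;          /* EPERM, decided at open time */
    h->target->state = cmd;
    return 0;
}

/* Scenario from the comment: an unprivileged user opens the handle, then a
 * privileged (root) process inherits it and is tricked into writing through it.
 * Returns the target's state afterwards: 0 means the write was refused,
 * 42 means it went through. */
int run_inherited_write(bool check_early)
{
    target_t t = { .owner_uid = 1000, .state = 0 };
    cred_t user = { .uid = 2000 };   /* not the owner, not root */
    cred_t root = { .uid = 0 };      /* the setuid program that inherits the fd */

    if (check_early) {
        handle_t h = open_checked_early(&t, &user);
        write_checked_early(&h, 42);         /* refused: opener had no right */
    } else {
        handle_t h = open_checked_late(&t);
        write_checked_late(&h, &root, 42);   /* succeeds: root holds it now */
    }
    return t.state;
}

int main(void)
{
    printf("late check:  state=%d\n", run_inherited_write(false));  /* 42 */
    printf("early check: state=%d\n", run_inherited_write(true));   /* 0 */
    return 0;
}
```

The point of the model is only where the check happens: in Design A the handle carries no record of who opened it, so the inheriting process's credentials are what get checked, which is exactly the confused-deputy situation the comment warns about.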

Completing the pidfd API

Posted Aug 1, 2019 7:16 UTC (Thu) by mezcalero (subscriber, #45103)

I think the lesson of this is probably not to introduce any new setuid programs anymore, and do privilege elevation only by IPC.

Completing the pidfd API

Posted Aug 2, 2019 9:14 UTC (Fri) by flussence (guest, #85566)

We should probably replace CAP_SYS_ADMIN programs (e.g. ffmpeg kmsgrab without running explicitly as root) with IPC first. setuid is less subversive, as at least it's visible in ls.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds