Re: establishing the callers PID

From: Thomas Bushnell, BSG
Subject: Re: establishing the callers PID
Date: 11 May 2002 18:02:18 -0700
Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:

> I think it is absolutely mandatory that we establish the PID in a
> trustworthy way rather than let the user provide some unique ID on its own.
> I think there is already a place in the Hurd where we should do that but
> don't (wasn't that term's term_open_ctty?), and there are all sorts of simple
> attacks possible if we can't trust the PID (e.g. a monitor server might check
> for stale advisory locks and kill processes that don't release them timely.
> In the untrusted model, a user could make this monitor process kill
> arbitrary processes on the system).

Nope; a malicious filesystem could just return bogus PID values too.

I don't think this is a serious security issue, actually.  Such a
monitor depends on an awful lot--it's not a strict Posix program


