On Wed, Oct 31, 2018 at 5:54 PM, Tycho Andersen <ty...@tycho.ws> wrote:
> Why not just use an ioctl() like Jann suggested instead of this big
> security check? Then we avoid the whole setuid writer thing entirely,

Don't you think a system call would be better than a new ioctl? With either an ioctl or a new system call, though, the shell would need a helper program to use the facility, whereas with the existing approach, the shell can use the new facility without any additional binaries.

> and we can pass the fd around if we want to.

You can pass the FD around today --- specifically, you just pass the /proc/pid directory FD, not the /proc/pid/kill FD. The /proc/pid directory FD acts as a process handle. (It's literally a reference to a struct pid.) Anyone who receives one of these process handle FDs and who wants to use the corresponding kill file can open the kill fd with openat(2). What you can't do is pass the /proc/pid/kill FD to another security context and use it, but when would you ever want to do that?