On Sat, Mar 30, 2019 at 9:47 PM Jann Horn <ja...@google.com> wrote:
>
> Sure, given a pidfd_clone() syscall, as long as the parent of the
> process is giving you a pidfd for it and you don't have to deal with
> grandchildren created by fork() calls outside your control, that
> works.

Don't do pidfd_clone() and pidfd_wait().

Both of those existing system calls already get a "flags" argument.
Just make a WPIDFD (for waitid) and CLONE_PIDFD (for clone) bit, and
make the existing system calls just take/return a pidfd.

Side note: we could (should?) also make the default maxpid just be
larger. It needs to fit in an 'int', but MAXINT instead of 65535 would
likely already make a lot of these attacks harder.

There was some really old legacy reason why we actually limited it to
65535 originally.  It was old and crufty even back when..

               Linus
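The flag-bit approach described above is what later shipped in Linux: CLONE_PIDFD for clone() (5.2) and the P_PIDFD idtype for waitid() (5.4, rather than the WPIDFD name floated here). The following is an added C example, not code from this thread, showing the race-free pattern it enables: the pidfd comes back from clone() itself, so the parent never has to look the child up by a reusable numeric pid. It assumes a kernel with both features and the x86_64/arm64 raw clone() argument order (parent_tid as the third argument).

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_PIDFD
#define CLONE_PIDFD 0x00001000   /* clone() flag, Linux >= 5.2 */
#endif
#ifndef P_PIDFD
#define P_PIDFD 3                /* waitid() idtype, Linux >= 5.4 */
#endif

/* Spawn a child that exits with `code`, obtaining a pidfd for it from
 * clone() itself (no window in which the pid could be recycled before
 * we hold a handle), then reap it via the pidfd instead of the numeric
 * pid. Returns the child's exit status, or -1 on error. */
int spawn_and_wait_pidfd(int code)
{
    int pidfd = -1;

    /* Raw clone(): with CLONE_PIDFD the kernel stores the new pidfd
     * through the parent_tid pointer (third argument on x86_64/arm64).
     * Arguments are passed as longs so no register carries garbage. */
    long pid = syscall(SYS_clone,
                       (unsigned long)(CLONE_PIDFD | SIGCHLD),
                       (void *)0, &pidfd, (void *)0, 0UL);
    if (pid < 0)
        return -1;          /* e.g. EINVAL on a kernel without CLONE_PIDFD */
    if (pid == 0)
        _exit(code);        /* child: exit with the requested status */

    /* Parent: wait on the handle, not the pid; this also reaps the child. */
    siginfo_t info = {0};
    if (waitid(P_PIDFD, (id_t)pidfd, &info, WEXITED) < 0) {
        close(pidfd);
        return -1;
    }
    close(pidfd);
    return info.si_code == CLD_EXITED ? info.si_status : -1;
}
```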