On 01/21/21 16:42, Max Reitz wrote: > Perhaps we have the policy of “If another process can send signals, then > we consider it to have full control over qemu, like a debugger.”
That's what I had more or less in mind, yes; see e.g. https://man7.org/linux/man-pages/man2/ptrace.2.html EPERM The specified process cannot be traced. This could be because the tracer has insufficient privileges (the required capability is CAP_SYS_PTRACE); unprivileged processes cannot trace processes that they cannot send signals to or those running set-user-ID/set-group-ID programs, for obvious reasons. Alternatively, the process may already be being traced, or (on kernels before 2.6.26) be init(1) (PID 1). Which seems to imply that, if you can send a signal, you can ptrace() the signalee as well. (I realize that what I'm saying does not follow from *pure logic*, as the manual is stating !sendsig -> !trace, hence trace -> sendsig. Whereas we're discussing the opposite direction: sendsig -> trace. *But*, IMO, that direction is *suggested* by the manual.) Anyway, this is kind of moot; I'm OK with the mutex too. :) Thanks Laszlo
