On Mon, Jan 30, 2012 at 14:51 -0800, Andy Lutomirski wrote:
> That's neat! CLONE_NEWPID might be safe with no_new_privs, too.
> Unprivileged CLONE_NEWPID would also be a nice, straightforward way to
> start up a process hierarchy and then reliably kill the whole thing
> when you're done with it.
It worth checking whether creating HUGE number or pid namespaces is
able to lock down the system for a significant period of time. E.g.
triggering thousands of pid_ns enumeration under a spinlock.
The same with every "enable this privileged feature to unprivileged
users under certain circumstances" step.
Thanks,
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments