Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp5591157imd; Tue, 30 Oct 2018 21:48:53 -0700 (PDT) X-Google-Smtp-Source: AJdET5eDCUpb3LbodrGrSiav4sMo4nn7SB4loSxAbXGCPotdtsFnnR8Hk+2txMuBhKSoXiT0jH0A X-Received: by 2002:a17:902:509:: with SMTP id 9-v6mr1697298plf.3.1540961332942; Tue, 30 Oct 2018 21:48:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540961332; cv=none; d=google.com; s=arc-20160816; b=PPjre6rL0w6LrnAX+OAaG41QDbrvFHN3wy7Fd/ZmT1KejJc6uRMD3s8EeBQy0W5eoo GZnbPn6rVi55u9uMAXCgyNI9QjStU0RWfnlC1bRNPwGo1/0sP/u5SWP9XxrQHo87gWTK TH/Vfj8WhXXDm8n75Y8XY1davaRrb4azFfCLtg12hc5EcPUEKNoNadUqQQ/1fq2eRlKY PSHerbZrHGDCBJ1l+3O8XB08LiOlOSqNb/tK+d+wbvPsVHGp4zJABExSDWAsHxQUpGKI DKf3CYsbXOosiyBdUdRo7Dy9ofx6I+nrSO7NBUhWdnt6RQ2FGr9sC7VImxYxRLyZBdFo K7ZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from; bh=E+9f9FSmYYD3nNmWxJx7xAixsokon8jMQG0dtTtk6yA=; b=taVMQdxUM/AyXqhYQYkpN8Hw1jPhq+moivQy9af0iRboF5H06BL5oZdqRcaIAptthh Pn5otrB2dT7N2ePaGq2bhfrJodvx09QRKHivv+tRSddpFw96kqmKuzTfpbPw4MiPNnHc eBvI1eJ+XwBIS4T/ogrH0MluuNGJPCgvTu8k9FjeT1gjsU0udjKjKxSRDwPzQ887Uq2R Z9lFPj6Z53ZEe8/X/B+3m7xzn/t+jY10NMzKnNW4Q4sjlhkevmQnwT7ZXXsEmqtOxP+1 x1dYccM1cyp1VDKhSXQQxIMd2/blAPje6EvjhOUxHQk9K7H9vTtQV5Yiq3Tt97M99aQS 0i5g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r3-v6si26669760pga.321.2018.10.30.21.48.37; Tue, 30 Oct 2018 21:48:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729126AbeJaNok (ORCPT + 99 others); Wed, 31 Oct 2018 09:44:40 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:47740 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729021AbeJaNok (ORCPT ); Wed, 31 Oct 2018 09:44:40 -0400 Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1gHiQP-00036Z-2M; Tue, 30 Oct 2018 22:48:13 -0600 Received: from 67-3-154-154.omah.qwest.net ([67.3.154.154] helo=x220.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1gHiQO-00060O-Ec; Tue, 30 Oct 2018 22:48:12 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Aleksa Sarai Cc: Daniel Colascione , linux-kernel@vger.kernel.org, timmurray@google.com, joelaf@google.com, surenb@google.com References: <20181029221037.87724-1-dancol@google.com> <20181030050012.u43lcvydy6nom3ul@yavin> Date: Tue, 30 Oct 2018 23:47:42 -0500 In-Reply-To: <20181030050012.u43lcvydy6nom3ul@yavin> (Aleksa Sarai's message of "Tue, 30 Oct 2018 16:00:12 +1100") Message-ID: <8736sm3eoh.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1gHiQO-00060O-Ec;;;mid=<8736sm3eoh.fsf@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=67.3.154.154;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1/FZiJnpy7KYFhIbHPkPm2qPZFNP6dh+uI= X-SA-Exim-Connect-IP: 67.3.154.154 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa08.xmission.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=8.0 tests=ALL_TRUSTED,BAYES_40, DCC_CHECK_NEGATIVE,TVD_RCVD_IP,T_TM2_M_HEADER_IN_MSG autolearn=disabled version=3.4.1 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * -0.0 BAYES_40 BODY: Bayes spam probability is 20 to 40% * [score: 0.3887] * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa08 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa08 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Aleksa Sarai X-Spam-Relay-Country: X-Spam-Timing: total 161 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 5 (3.2%), b_tie_ro: 3.6 (2.3%), parse: 1.12 (0.7%), extract_message_metadata: 12 (7.3%), get_uri_detail_list: 1.36 (0.8%), tests_pri_-1000: 4.8 (3.0%), tests_pri_-950: 1.09 (0.7%), tests_pri_-900: 1.00 (0.6%), tests_pri_-90: 19 (11.8%), check_bayes: 18 (10.9%), b_tokenize: 3.9 (2.4%), b_tok_get_all: 6 (3.8%), b_comp_prob: 1.56 (1.0%), b_tok_touch_all: 3.2 (2.0%), b_finish: 0.90 (0.6%), tests_pri_0: 107 (66.6%), check_dkim_signature: 0.38 (0.2%), check_dkim_adsp: 2.9 (1.8%), tests_pri_10: 1.72 (1.1%), tests_pri_500: 5 (3.3%), rewrite_mail: 0.00 (0.0%) Subject: Re: [RFC PATCH] Implement /proc/pid/kill X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Aleksa Sarai writes: > On 2018-10-29, Daniel Colascione wrote: >> Add a simple proc-based kill interface. To use /proc/pid/kill, just >> write the signal number in base-10 ASCII to the kill file of the >> process to be killed: for example, 'echo 9 > /proc/$$/kill'. >> >> Semantically, /proc/pid/kill works like kill(2), except that the >> process ID comes from the proc filesystem context instead of from an >> explicit system call parameter. This way, it's possible to avoid races >> between inspecting some aspect of a process and that process's PID >> being reused for some other process. > > (Aside from any UX concerns other folks might have.) > > I think it would be a good idea to (at least temporarily) restrict this > so that only processes that are in the same PID namespace as the /proc > being resolved through may use this interface. Otherwise you might have > cases where partial container breakouts can start sending signals to > PIDs they wouldn't normally be able to address. No. That is the container managers job. If you have the wrong proc mounted in your container or otherwise allow access to it that is the fault of the application that set up the container. The pid namespace limits visibility. If something becomes visible and you have permissions over it, it is perfectly reasonable for you to execute those permissions. Eric