Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3450248imu; Fri, 30 Nov 2018 00:01:26 -0800 (PST) X-Google-Smtp-Source: AFSGD/WRJbxXmvwNIcM059+tA6Kt3b9VOmgi8Pbv2f3Ye1Xymg/G1SgzWLom0f52SSzjFW68NfXt X-Received: by 2002:a62:6b85:: with SMTP id g127mr4832103pfc.42.1543564886587; Fri, 30 Nov 2018 00:01:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543564886; cv=none; d=google.com; s=arc-20160816; b=aAJrlO2gBtw40bFsgz+h+VZdqv8DDStkEWYpSEPtaYLEzs4QkX87SCyFyNe+hBD5Nk t20RPK6F1F9PhyLlGP8MjRpcLsaYxHoglZ2K/rA4XbyFwfABH8gKJdFuwmJZaSRbWrBd 2VfCo4VP04XNfAvPuQhQGtyL4OZkCwva4yr7tLeBi9MiyJqjv7V79jnhfVsxwKfpF5P2 YHEixWHK/EywGJQbefzX/vASazc7W35EdxESru8oxjsiBgfftQGz1QL4U42HecVlzIm5 tULYKE8482KaON1SevJH8x6SHEAfG+RZgSRXfDD3y57UdxfOulLjJllNgEJD+/zkp8lI rtVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=yRePZxEk0pp7HBXehE9kzWJU3Z4C3XvMIqwuiCis9FM=; b=F9QC2mAjnZ7/BSyc9ZF2NUL1oRe6RSvg7gL59D0mjZ/mlVTVASGcRgykhIR6PonWTT Gm0kEGmCXxmpMEeOuXkSSCeloPaonC3/JUI/uqHMeiemMnDzDP4cEiCJJnyy2uKTDpt5 iMRMu+8ac9Isp3vc880mpjkiaXWnQfrSKz2OmtS0C3amf65jtultGr6Tba2KVX6tvWtc xQizgu+7oTlU4d9s+6e6wwwTIx9YoSqSC6VH4grTLpNGD/Lu4B7FbVegUto5VN77o+QU DqMGdwH6DQ6m8Yi3H9/QdyCVKFxIiRx1beUDguUzPQkHG8syiailweVJJBqB56TjYrOK gxkA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h5si3776125pgk.249.2018.11.30.00.01.11; Fri, 30 Nov 2018 00:01:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726948AbeK3TIv (ORCPT + 99 others); Fri, 30 Nov 2018 14:08:51 -0500 Received: from nov-007-i650.relay.mailchannels.net ([46.232.183.204]:14803 "EHLO nov-007-i650.relay.mailchannels.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726633AbeK3TIv (ORCPT ); Fri, 30 Nov 2018 14:08:51 -0500 X-Sender-Id: novatrend|x-authuser|juerg@bitron.ch Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id F39172EC0008; Fri, 30 Nov 2018 08:00:20 +0000 (UTC) Received: from srv17.tophost.ch (swiss-ingress-1.mailchannels.ch [46.232.183.5]) by relay.mailchannels.net (Postfix) with ESMTPA id 9E05C2EC0030; Fri, 30 Nov 2018 08:00:17 +0000 (UTC) X-Sender-Id: novatrend|x-authuser|juerg@bitron.ch Received: from srv17.tophost.ch (srv17.tophost.ch [193.33.128.141]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.15.2); Fri, 30 Nov 2018 08:00:20 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: novatrend|x-authuser|juerg@bitron.ch X-MailChannels-Auth-Id: novatrend X-Trail-Stretch: 1c69c3a646219a7e_1543564820657_4100978092 X-MC-Loop-Signature: 1543564820657:4136570025 X-MC-Ingress-Time: 1543564820656 Received: from [88.98.246.21] (port=60558 helo=jx1y.mynet) by srv17.tophost.ch with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-SHA256:128) (Exim 4.91) (envelope-from ) id 1gSdih-002eST-90; Fri, 30 Nov 2018 09:00:15 +0100 From: =?UTF-8?q?J=C3=BCrg=20Billeter?= To: Andrew Morton Cc: Oleg Nesterov , Thomas Gleixner , Eric Biederman , Kees Cook , Andy Lutomirski , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, =?UTF-8?q?J=C3=BCrg=20Billeter?= Subject: [PATCH v2 0/1] Add prctl to kill descendants on exit Date: Fri, 30 Nov 2018 08:00:03 +0000 Message-Id: <20181130080004.23635-1-j@bitron.ch> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181127225408.7553-2-j@bitron.ch> References: <20181127225408.7553-2-j@bitron.ch> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-AuthUser: juerg@bitron.ch Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch adds a new prctl to kill all descendant processes on exit. See commit message for details of the prctl. This is a replacement of PR_SET_PDEATHSIG_PROC I proposed last year [1]. In the following discussion, Oleg suggested this approach. The motivation for this is to provide a lightweight mechanism to prevent stray processes. There is also a related Bugzilla entry [2]. PID namespaces can also be used to prevent stray processes, of course. However, they are not quite as lightweight as they typically also require a new mount namespace to be able to mount a new /proc. And they require CAP_SYS_ADMIN. User namespaces can help to gain CAP_SYS_ADMIN, however, that further increases the overhead and the other effects of the user namespace may not be desired. PID 1 in PID namespaces also exhibits non-standard signal behavior (SIGNAL_UNKILLABLE) [3]. Changes in v2: - Use bool instead of bitfield to avoid race with PR_SET_CHILD_SUBREAPER [1] https://lkml.kernel.org/lkml/20170929123058.48924-1-j@bitron.ch/ [2] https://bugzilla.kernel.org/show_bug.cgi?id=43300 [3] https://lkml.kernel.org/lkml/20180803144021.56920-2-j@bitron.ch/ Jürg Billeter (1): prctl: add PR_{GET,SET}_KILL_DESCENDANTS_ON_EXIT fs/exec.c | 6 ++++++ include/linux/sched/signal.h | 3 +++ include/uapi/linux/prctl.h | 4 ++++ kernel/exit.c | 12 ++++++++++++ kernel/sys.c | 11 +++++++++++ security/apparmor/lsm.c | 1 + security/selinux/hooks.c | 3 +++ 7 files changed, 40 insertions(+) -- 2.19.2