Re: [Plash] Sending signals to sandboxed processes
From: Thomas Leonard
Subject: Re: [Plash] Sending signals to sandboxed processes
Date: Sat, 28 Jul 2012 19:46:54 +0100
On 13 February 2011 16:19, Thomas Leonard <address@hidden> wrote:
> On 19 November 2006 20:40, Thomas Leonard <address@hidden> wrote:
>> Is there any way to send a signal (e.g. SIGTERM) to a plash process
>> from outside the sandbox?
>>
>> Sending signals via the tty (^C etc) works fine, but sending using
>> kill(2) doesn't seem to be possible (presumably because all the uids
>> are different).
>
> Would it be possible to use clone(2) with CLONE_NEWPID to get this behaviour?
>
> Then the sandboxed processes would run with the same UID as the user,
> but they can only send signals within the sandbox because PIDs are
> unique to the sandbox. e.g. within the sandbox, the top-level process
> is PID 1. Outside of the sandbox, it has a different PID and can be
> killed by the user with no special privileges. This also allows
> processes to see a restricted view of /proc.
I see Linux 3.5 now lets processes restrict which system calls they can make:
"Seccomp-based system call filtering"
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/prctl/seccomp_filter.txt;hb=HEAD
Could this remove the need to run sandboxed processes as a different
user? If so, killing would work, fchmod would work, and we wouldn't
need the SUID helper either...
--
Dr Thomas Leonard http://0install.net/
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA
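An added illustration of the seccomp idea raised above (not Plash code and not Thomas Leonard's): a Linux 3.5+ seccomp-BPF filter that makes kill(2) fail with EPERM inside a child running as the same UID, while the unfiltered parent can still SIGTERM that child from outside. It assumes an x86_64 or aarch64 host; the function names and the pipe-based handshake are my own.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64 /* other ABIs: add their AUDIT_ARCH_* */
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#endif
/* Make kill(2) fail with EPERM in the caller and everything it forks. A real
 * sandbox would allow-list syscalls instead; this only shows the mechanism. */
int install_no_kill_filter(void)
{
    struct sock_filter filt[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)), /* ABI first */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* wrong ABI: syscall numbers differ */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_kill, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof(filt) / sizeof(filt[0]), filt };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) return -1; /* needed without CAP_SYS_ADMIN */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Fork a same-UID child that loads the filter and tries kill(2) on its parent, then
 * SIGTERM it from the unfiltered parent. 1: as expected; -1: filter refused; 0: other. */
int demo_same_uid_sandbox(void)
{
    int fd[2], status; char c; pid_t pid;
    if (pipe(fd) == -1 || (pid = fork()) == -1) return 0;
    if (pid == 0) {
        if (install_no_kill_filter() == -1) _exit(3);
        if (kill(getppid(), 0) == 0 || errno != EPERM) _exit(2);
        (void)!write(fd[1], "x", 1);  /* tell the parent the check passed */
        for (;;) pause();             /* wait to be killed from outside */
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &c, 1); close(fd[0]); /* 1: child ready, 0: it exited */
    if ((n == 1 && kill(pid, SIGTERM) == -1) || waitpid(pid, &status, 0) == -1) return 0;
    if (n == 1) return WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM;
    return WIFEXITED(status) && WEXITSTATUS(status) == 3 ? -1 : 0;
}
```

A result of -1 means the kernel or container refused the filter, which is the case the thread's proposal would have to detect and fall back from.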