[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Sending signals to sandboxed processes

From: Thomas Leonard
Subject: Re: [Plash] Sending signals to sandboxed processes
Date: Sat, 28 Jul 2012 19:46:54 +0100

On 13 February 2011 16:19, Thomas Leonard <address@hidden> wrote:
> On 19 November 2006 20:40, Thomas Leonard <address@hidden> wrote:
>> Is there any way to send a signal (e.g. SIGTERM) to a plash process
>> from outside the sandbox?
>> Sending signals via the tty (^C etc) works fine, but sending using
>> kill(2) doesn't seem to be possible (presumably because all the uids
>> are different).
> Would it be possible to use clone(2) with CLONE_NEWPID to get this behaviour?
> Then the sandboxed processes would run with the same UID as the user,
> but they can only send signals within the sandbox because PIDs are
> unique to the sandbox. e.g. within the sandbox, the top-level process
> is PID 1. Outside of the sandbox, it has a different PID and can be
> killed by the user with no special privileges. This also allows
> processes to see a restricted view of /proc.

I see Linux 3.5 now lets processes restrict which system calls they can make:

"Seccomp-based system call filtering";a=blob;f=Documentation/prctl/seccomp_filter.txt;hb=HEAD

Could this remove the need to run sandboxed processes as a different
user? If so, killing would work, fchmod would work, and we wouldn't
need the SUID helper either...

Dr Thomas Leonard
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA

reply via email to

[Prev in Thread] Current Thread [Next in Thread]