mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <benjamin.bann...@mesosphere.io>
Subject Review Request 59995: Used dedicated invocation of getsid to get the current process' session.
Date Mon, 12 Jun 2017 09:31:08 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59995/
-----------------------------------------------------------

Review request for mesos and Benjamin Mahler.


Repository: mesos


Description
-------

To get the session of the current process 'getsid(pid_t)' provides
special when passed a zero argument instead of a process ID. This
patch uses that special invocation instead of calling
'getsid(getpid())'.

For some versions of the 'getsid' syscall as implemented e.g., for the
Linux kernel 'getsid(0)' will directly return a session ID while
passing any non-zero process ID while invoke code to to check
whether the calling code is permitted to get the session ID of the
given process. This also calls into e.g., SELinux. Certain SELinux
rule implementations can fail to detect that the given process ID is
the current one, and thus fail the 'getsid' invocation with 'EPERM'.
Calling 'getsid' with a zero process ID prevents calling into security
hooks at all.


Diffs
-----

  3rdparty/stout/tests/os/process_tests.cpp d1760ef3cc36c1c13f1ab00ea4ab17fda4a46d8b 


Diff: https://reviews.apache.org/r/59995/diff/1/


Testing
-------

Tested on internal CI on various configurations.


Thanks,

Benjamin Bannier


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message