The crashed process keeps existing until the core dump handler (apport)
exits, so there's no risk of the pid getting recycled.
Stéphane
On Sun., Sep. 29, 2019, 4:50 p.m. Alex Murray, <email address hidden>
wrote:
> Thanks for the detailed patch Stéphane - from a security point of view I
> wonder if there is a possibility to race on the process ID like in
> #1839413 - since this does a lot of operations on /proc/$PID/xxx at
> various times so if another process claims $PID could this cause issues?
> Can you please comment?
>
> ** Changed in: apport (Ubuntu)
> Assignee: Ubuntu Security Team (ubuntu-security) => Stéphane Graber
> (stgraber)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1839420
>
> Title:
> Per-process user controllable Apport socket file
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/apport/+bug/1839420/+subscriptions
>
> Launchpad-Notification-Type: bug
> Launchpad-Bug: product=apport; status=New; importance=High; assignee=None;
> Launchpad-Bug: distribution=ubuntu; sourcepackage=apport; component=main;
> status=New; importance=High; <email address hidden>;
> Launchpad-Bug-Information-Type: Private Security
> Launchpad-Bug-Private: yes
> Launchpad-Bug-Security-Vulnerability: yes
> Launchpad-Bug-Commenters: alexmurray seth-arnold stgraber
> Launchpad-Bug-Reporter: Alex Murray (alexmurray)
> Launchpad-Bug-Modifier: Alex Murray (alexmurray)
> Launchpad-Message-Rationale: Subscriber
> Launchpad-Message-For: stgraber
>
The crashed process keeps existing until the core dump handler (apport)
exits, so there's no risk of the pid getting recycled.
Stéphane
On Sun., Sep. 29, 2019, 4:50 p.m. Alex Murray, <email address hidden>
wrote:
> Thanks for the detailed patch Stéphane - from a security point of view I /bugs.launchpad .net/bugs/ 1839420 /bugs.launchpad .net/apport/ +bug/1839420/ +subscriptions Notification- Type: bug ubuntu; sourcepackage= apport; component=main; Bug-Information -Type: Private Security Bug-Private: yes Bug-Security- Vulnerability: yes Bug-Commenters: alexmurray seth-arnold stgraber Bug-Reporter: Alex Murray (alexmurray) Bug-Modifier: Alex Murray (alexmurray) Message- Rationale: Subscriber Message- For: stgraber
> wonder if there is a possibility to race on the process ID like in
> #1839413 - since this does a lot of operations on /proc/$PID/xxx at
> various times so if another process claims $PID could this cause issues?
> Can you please comment?
>
> ** Changed in: apport (Ubuntu)
> Assignee: Ubuntu Security Team (ubuntu-security) => Stéphane Graber
> (stgraber)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Per-process user controllable Apport socket file
>
> To manage notifications about this bug go to:
> https:/
>
> Launchpad-
> Launchpad-Bug: product=apport; status=New; importance=High; assignee=None;
> Launchpad-Bug: distribution=
> status=New; importance=High; <email address hidden>;
> Launchpad-
> Launchpad-
> Launchpad-
> Launchpad-
> Launchpad-
> Launchpad-
> Launchpad-
> Launchpad-
>