asedeno.scripts.mit.edu Git - linux.git/commit

author	Sargun Dhillon <sargun@sargun.me>
	Tue, 7 Jan 2020 17:59:25 +0000 (09:59 -0800)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 13 Jan 2020 20:49:36 +0000 (21:49 +0100)
commit	8649c322f75c96e7ced2fec201e123b2b073bf09
tree	791d90016044b13207400609c491f71654fc5f34	tree \| snapshot
parent	5e876fb43dbf24c941a323139752bcb2f0a80da0	commit \| diff

pid: Implement pidfd_getfd syscall

This syscall allows for the retrieval of file descriptors from other
processes, based on their pidfd. This is possible using ptrace, and
injection of parasitic code to inject code which leverages SCM_RIGHTS
to move file descriptors between a tracee and a tracer. Unfortunately,
ptrace comes with a high cost of requiring the process to be stopped,
and breaks debuggers. This does not require stopping the process under
manipulation.

One reason to use this is to allow sandboxers to take actions on file
descriptors on the behalf of another process. For example, this can be
combined with seccomp-bpf's user notification to do on-demand fd
extraction and take privileged actions. One such privileged action
is binding a socket to a privileged port.

/* prototype */
/* flags is currently reserved and should be set to 0 */
int sys_pidfd_getfd(int pidfd, int fd, unsigned int flags);

/* testing */
Ran self-test suite on x86_64

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200107175927.4558-3-sargun@sargun.me
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>