Here, using the process ID as the Identifier.Identify() parameter is itself a design flaw.
My proposed fix is as follows:
https://lwn.net/ml/all/[email protected]/
Do not perform identity verification through procfs. Instead, we should use PIDFD_GET_INFO to obtain the cgroup's inode value and then use this value to determine the application's identity.
For kernels that do not support PIDFD_GET_INFO, provide such fallback logic: perform a comprehensive check before finally returning the function's result to ensure that the pidfd is still valid when we return the result.
Originally posted by @black-desk in #277 (comment)
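
The fallback path described in the comment, as an added example (not the project's code or the commenter's patch): the caller passes a pidfd instead of a PID, the cgroup line is read from procfs, and the pidfd is re-checked before the result is returned. The function names are hypothetical, and resolving the PID through `/proc/self/fdinfo` and probing liveness with signal 0 are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw syscall wrapper: older libcs do not export pidfd_open(). */
int pidfd_open_raw(pid_t pid) { return (int)syscall(SYS_pidfd_open, pid, 0); }

/* Signal 0 delivers nothing. ESRCH: process is gone. EPERM: it exists. */
static int pidfd_alive(int pidfd) {
    return syscall(SYS_pidfd_send_signal, pidfd, 0, NULL, 0) == 0 || errno == EPERM;
}

/* Assumption: resolve the PID via /proc/self/fdinfo/<fd>, whose "Pid:" field
 * reads -1 once the process has exited. Returns -1 if fd is not a live pidfd. */
pid_t pidfd_to_pid(int pidfd) {
    char path[64], line[128];
    long pid = -1;
    snprintf(path, sizeof path, "/proc/self/fdinfo/%d", pidfd);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "Pid: %ld", &pid) == 1) break;
    fclose(f);
    return (pid_t)pid;
}

/* Hypothetical helper: copy the first line of /proc/<pid>/cgroup into out.
 * Succeeds only if the pidfd still names a live process after the read, so
 * the line cannot come from a later process that reused the PID. */
int cgroup_of_pidfd(int pidfd, char *out, size_t len) {
    char path[64];
    pid_t pid = pidfd_to_pid(pidfd);
    if (pid <= 0) { errno = ESRCH; return -1; }
    snprintf(path, sizeof path, "/proc/%d/cgroup", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *ok = fgets(out, (int)len, f);
    fclose(f);
    if (!ok) { errno = EIO; return -1; }
    out[strcspn(out, "\n")] = '\0';
    if (!pidfd_alive(pidfd)) { errno = ESRCH; return -1; } /* final check */
    return 0;
}
```

A caller that gets `-1` with `ESRCH` must discard the identification rather than retry with the bare PID, since that would reintroduce the reuse race.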