Comment 11 for bug 1839420

The crashed process keeps existing until the core dump handler (apport)
exits, so there's no risk of the pid getting recycled.

Stéphane

On Sun., Sep. 29, 2019, 4:50 p.m. Alex Murray, <email address hidden>
wrote:

> Thanks for the detailed patch Stéphane - from a security point of view I
> wonder if there is a possibility to race on the process ID like in
> #1839413 - since this does a lot of operations on /proc/$PID/xxx at
> various times so if another process claims $PID could this cause issues?
> Can you please comment?
>
> ** Changed in: apport (Ubuntu)
> Assignee: Ubuntu Security Team (ubuntu-security) => Stéphane Graber
> (stgraber)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1839420
>
> Title:
> Per-process user controllable Apport socket file
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/apport/+bug/1839420/+subscriptions
>
> Launchpad-Notification-Type: bug
> Launchpad-Bug: product=apport; status=New; importance=High; assignee=None;
> Launchpad-Bug: distribution=ubuntu; sourcepackage=apport; component=main;
> status=New; importance=High; <email address hidden>;
> Launchpad-Bug-Information-Type: Private Security
> Launchpad-Bug-Private: yes
> Launchpad-Bug-Security-Vulnerability: yes
> Launchpad-Bug-Commenters: alexmurray seth-arnold stgraber
> Launchpad-Bug-Reporter: Alex Murray (alexmurray)
> Launchpad-Bug-Modifier: Alex Murray (alexmurray)
> Launchpad-Message-Rationale: Subscriber
> Launchpad-Message-For: stgraber
>