lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 23 Jun 2010 23:49:50 +0900
From:	Mike McCormack <mikem@...g3k.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	oleg@...hat.com, kosaki.motohiro@...fujitsu.com, serue@...ibm.com,
	jmorris@...ei.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] proc: Add complete process group list

Andrew Morton wrote:

>> This feature might be useful for a server listening on a unix domain pipe
>>  to determine the list of groups that a client process is in from its pid.
> 
> "might be"?

Well, "would be" :-)

> It would be useful to hear a bit more about usage scenarios, why this
> is needed, etc - some hard info which would justify permanent extension
> of the kernel->userspace API.  How does this get used, why is it
> needed, what are the alternatives, etc.

This will be used in a device with groups permissions checked in userspace.

Say you have a process called "telephony-server", and it talks to a number 
of client processes with different privilege levels via a unix domain socket.

telephony-server might be able do things which should have different privilege 
levels, like send SMS messages, make phone calls, download firmware to a 3G 
modem, etc.  The client processes would be members of groups reflecting
each privilege.  Depending on the number of similar servers in the system, 
and how fine-grained the privileges are, there might be lots of groups (>32).

telephony-server should be able to allow or deny requests depending on whether
an application is a member of the correct group or not. 

unix sockets can pass credentials, but currently I can only see struct ucred 
(pid, uid and gid) being passed.  Using the pid, /proc/pid/status can be read 
for a list of groups, but it only lists up to 32 groups.

Ways I can see to get the groups for a unix socket peer from it's pid all 
mostly require some kernel modification:

* modify kernel to list all groups in /proc/<pid>/status 
    - very long lines become possible in status file
    - no way to know whether you're using an old kernel with 32 group limit
       or new kernel and pid only has 32 groups

* modify kernel to add /proc/<pid>/groups
    - more kernel-userland interface

* implement LOCAL_CREDS for unix domain sockets in Linux
    - work

* limit number of groups to 32
    - limit is imposed by /proc code

* create multiple unix domian sockets per privilege with group r/w only
    - seems like trouble


What do you think?

thanks,

Mike

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ