Date: Sat, 29 Apr 2017 23:42:17 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: Linux Containers <containers@...ts.linux-foundation.org>, agruenba@...hat.com, gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org, oleg@...hat.com, paul@...l-moore.com, viro@...iv.linux.org.uk, avagin@...nvz.org, linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org, mtk.manpages@...il.com, akpm@...ux-foundation.org, luto@...capital.net, gorcunov@...nvz.org, mingo@...nel.org, keescook@...omium.org, Kirill Tkhai <ktkhai@...tuozzo.com>
Subject: Re: [PATCH] userns,pidns: Verify the userns for new pid namespaces

ebiederm@...ssion.com (Eric W. Biederman) writes:

> "Serge E. Hallyn" <serge@...lyn.com> writes:
>
>> Quoting Eric W. Biederman (ebiederm@...ssion.com):
>>>
>>> It is pointless and confusing to allow a pid namespace hierarchy and
>>> the user namespace hierarchy to get out of sync.  The owner of a child
>>> pid namespace should be the owner of the parent pid namespace or
>>> a descendant of the owner of the parent pid namespace.
>>>
>>> Otherwise it is possible to construct scenarios where it is legal to
>>> do something in a parent pid namespace but in a child pid namespace.
>>
>> Hi,
>>
>> did you mean 'but not in a child...' above?
>
> Actually I believe I meant:
>
>>> Otherwise it is possible to construct scenarios where it is not legal
>>> to do something in a parent pid namespace but it is legal a child pid
>>> namespace.
>
> I definitely need to fix that wording thank you.

Looking at some more I mean:

Otherwise it is possible to construct scenarios where a process has a
capability in a over a parent pid namespace but does not have the
capability over a child pid namespace.  Which confusingly makes
permission checks non-transitive.

Eric
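The non-transitivity described in the message above, as an added userspace model; it is not code from the patch or from the kernel. The struct layouts, function names and the sample hierarchy are constructed for illustration, and the model assumes a process with a full capability set in a user namespace is capable over that namespace and all of its descendants.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: constructed types, not the kernel's structures. */
struct userns { const struct userns *parent; };
struct pidns  { const struct pidns *parent; const struct userns *owner; };

/* True when target is `ancestor` itself or one of its descendants. */
static bool userns_within(const struct userns *ancestor, const struct userns *target)
{
    for (; target; target = target->parent)
        if (target == ancestor)
            return true;
    return false;
}

/* Assumption: a process with full capabilities in user namespace `proc`
 * is capable over a pid namespace whose owner is `proc` or below it. */
static bool capable_over(const struct userns *proc, const struct pidns *p)
{
    return userns_within(proc, p->owner);
}

/* Rule from the patch description: a child pid namespace's owner must be
 * the parent pid namespace's owner or a descendant of that owner. */
static bool pidns_owner_ok(const struct pidns *parent, const struct userns *owner)
{
    return userns_within(parent->owner, owner);
}

/* Constructed hierarchy: init_user -> a -> a_child, and init_user -> b. */
static const struct userns init_user = { NULL };
static const struct userns a = { &init_user }, b = { &init_user };
static const struct userns a_child = { &a };
static const struct pidns parent_pid = { NULL, &a };
static const struct pidns bad_child  = { &parent_pid, &b };       /* out of sync */
static const struct pidns good_child = { &parent_pid, &a_child }; /* in sync */

int main(void)
{
    /* A process in `a` is capable over the parent but not the bad child. */
    printf("parent=%d bad_child=%d good_child=%d\n",
           capable_over(&a, &parent_pid), capable_over(&a, &bad_child),
           capable_over(&a, &good_child));
    printf("rule: bad=%d good=%d\n", pidns_owner_ok(&parent_pid, &b),
           pidns_owner_ok(&parent_pid, &a_child));
    return 0;
}
```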