Date:	Fri, 08 Aug 2008 11:31:56 +0300
From:	Markku Savela <msa@...h.iki.fi>
To:	linux-kernel@...r.kernel.org
Subject: Access to credentials of a process from another?

I looked with some interest at the big credentials patch.

I have a desire to do the following in user space:

  - have PID of another process

  - want to check some aspect of credentials of this process from
    another process (for example, currently whether the other process
    has a specific group in its context).

In the current Ubuntu release, to achieve this, I had to patch kernel
sys.c and write my own kernel module which offered the API for this
function.

I notice that the credentials (http://lwn.net/Articles/287091/) document
has some wording about accessing credentials from another
process. What is not clear yet (in the document):

 - is this possible from a loadable module (e.g. are the required
   symbols exported)?

 - are there any plans to define some API for a user space application
   to access this information?

I assume that in some cases, like a Unix socket, the peers should
have the same direct way of reading each other's credentials blobs from
the socket?

However, for example, in the case of DBus this is murky, as the server
and client do not have a direct connection to each other, and DBus would
need to pass some information. Currently, with some work, it is
possible for the DBus server to get the client's PID. Thus, a function in
user space to get the credentials by PID would be sufficient.

Also, it is not acceptable to say that DBus should use its "root"
powers and fake the client's credentials on forwarded messages.

 - First, not all DBus are root,

 - second, the server might want to see both credentials (the DBus
   server's and the originating client's).

Finally, I don't like any text-based /proc file solutions; for example,
parsing the output of "/proc/<pid>/status" is horrible (especially, it was
not an option for me, because it does not give all groups anyway).