lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 4 Dec 2008 15:18:35 -0500
From:	"Bryan Donlan" <bdonlan@...il.com>
To:	"Serge E. Hallyn" <serue@...ibm.com>
Cc:	mtk.manpages@...il.com, ebiederm@...ssion.com,
	lkml <linux-kernel@...r.kernel.org>, linux-man@...r.kernel.org,
	clg@...ibm.com, herbert@...hfloor.at, dev@...ru,
	"Subrata Modak" <subrata@...ux.vnet.ibm.com>,
	"David Howells" <dhowells@...hat.com>
Subject: Re: Could you write some CLONE_NEWUSER?

On Thu, Dec 4, 2008 at 2:04 PM, Serge E. Hallyn <serue@...ibm.com> wrote:
> Quoting Michael Kerrisk (mtk.manpages@...glemail.com):
>> Hi Serge,
>>
>> Thanks for CCing me on recent CLONE_NEWUSER patches.
>>
>> Would you be will to write some documentation for this flag?  (It's
>> the only remaining undocumented flag in clone(2).)  Plain text would
>> be fine -- I'll integrate it into the man page with suitable macros.
>
> Well here is a start.  David, writing this actually reminded me that
> the per-user keys still aren't per-namespace.  Did you say you were
> looking at that, or should I send a patch (starting at
> security/keys/key.c:key_user_lookup())?
>
> Eric, if you get a second, could you please review?
>
> thanks,
> -serge
>
>
> CLONE_NEWUSER
>        Start the child in a new user namespace.
>
>        User namespaces are very incomplete.  When complete, they
>        will implement hierarchical userid namespaces designed to
>        be safely used without privilege.  User namespaces are
>        unnamed, but for the sake of this explanation we will give
>        them a single-letter ID.  Let us refer to userid 500 in user
>        namespace B  as (B, 500).  Assume a process owned by (B, 500)
>        passes CLONE_NEWUSER to clone(2).  A new user namespace, C,
>        will be created.  The new task will be owned by user
>        (C, 0).  No userid in user namespace C will be able to
>        gain more access than (B, 500) could obtain.  User (C, 500)
>        will be protected from (C, 501) as usual.  Files created
>        by (C, 501) are owned by both (C, 501) and (B, 500), so
>        (B, 500) owns all files created in user namespace C.  Likewise
>        (B, 500) can kill and ptrace any processes owned by (C, 501).

This is something more of a general question than one about this
manpage, but how will files owned by user namespaces be represented on
the underlying filesystem? Since (C, 501) will be meaningless after a
reboot at the latest, it makes little sense to persist them...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ