[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110114150217.GC20945@wavehammer.waldi.eu.org>
Date: Fri, 14 Jan 2011 16:02:17 +0100
From: Bastian Blank <bastian@...di.eu.org>
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: containers@...ts.linux-foundation.org,
kernel list <linux-kernel@...r.kernel.org>,
LSM <linux-security-module@...r.kernel.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Kees Cook <kees.cook@...onical.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Michael Kerrisk <mtk.manpages@...il.com>
Subject: Re: [PATCH 6/7] user namespaces: convert all capable checks in
kernel/sys.c
On Tue, Jan 11, 2011 at 05:27:59AM +0000, Serge E. Hallyn wrote:
> Quoting Bastian Blank (bastian@...di.eu.org):
> > On Mon, Jan 10, 2011 at 09:14:07PM +0000, Serge E. Hallyn wrote:
> > > - if (pcred->uid != cred->euid &&
> > > - pcred->euid != cred->euid && !capable(CAP_SYS_NICE)) {
> > > + if (pcred->user->user_ns != cred->user->user_ns &&
> > > + pcred->uid != cred->euid &&
> > > + pcred->euid != cred->euid &&
> > > + !ns_capable(pcred->user->user_ns, CAP_SYS_NICE)) {
> >
> > I don't think this is correct. This would not error out if the both
> > userns are the same. Because the same patern (check uid if same userns,
> > otherwise only capability) shows up in several parts of the code, maybe
> > this should be factored out.
>
> Yeah, I'd really like to factor this out because it shows up everywhere
> and I have to think about it every time I look at it. But each time it
> shows up, the uids being compared slightly change. There must be some
> clever way of doing it, hopefully it'll fall out soon.
Well, then make mostly identical (_inline_) functions in one location
(include/linux/cred.h comes in mind). You can ask later why they have
to be different.
You are scaling the complexity up. So you need to make it somehow
manageable, and even slightly different versions in one place are much
easier to handle than the same in many different places.
kill_ok_by_cred would be:
cred_check_euid_suid(struct task_struct *p, X capable)
set_one_prio_perm would be:
cred_check_euid_euid(struct task_struct *p, X capable)
Bastian
--
"Life and death are seldom logical."
"But attaining a desired goal always is."
-- McCoy and Spock, "The Galileo Seven", stardate 2821.7
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists