| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120330161500.GA32247@mail.hallyn.com> Date: Fri, 30 Mar 2012 16:15:00 +0000 From: "Serge E. Hallyn" <serge@...lyn.com> To: Cyrill Gorcunov <gorcunov@...nvz.org> Cc: Serge Hallyn <serge.hallyn@...onical.com>, "Serge E. Hallyn" <serge@...lyn.com>, Oleg Nesterov <oleg@...hat.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Pavel Emelyanov <xemul@...allels.com>, keescook@...omium.org Subject: Re: [rfc] fcntl: Add F_GETOWNER_UIDS option Quoting Cyrill Gorcunov (gorcunov@...nvz.org): > On Fri, Mar 30, 2012 at 09:12:19AM -0500, Serge Hallyn wrote: > ... > > > > > > Yes, I wanna take a look on Eric's set first just to get right > > > "picture" of everything. And I wanted to find a minimal solution > > > with current kernel code base which could be extended in future. > > > > > > That said I guess the current init-ns-only approach should do the > > > trick for a while. And (thanks for pointing) I need to add a test > > > if a caller which tries to obtain uids has enought credentials > > > for that (probably CAP_FOWNER), right? > > > > Sorry, I'm not sure which caller you mean. Neither f_setown nor > > f_getown require privilege right now. Oh, you mean at restart? > > I meant the dumper. Yes, at moment f_get/setown requires no privileges > but I'm not sure if uid/euid is same or less sensible information > than pid, that's why I though CAP_FOWNER might be worth to add, no? Hmm, I would say no, but that might be a good question for kees. IMO it's not sensitive information and so no sense requiring privilege (and encouraging handing out of extra privilage to get at the info) Cc:ing kees. > > f_setown to someone else's uid/pid means you may cause a signal to > > be sent to them. So CAP_KILL might be good? You do through that > > signal get *some* info about the file writes, though not contents. > > So yeah, maybe (CAP_KILL|CAP_FOWNER). > ... > > > I suspect operating with kuid's will be a way more easier. > > > > Yeah, I keep going back and forth on which makes more sense. But > > kuid's probably make more sense, even though they aren't what > > userspace in container will see. When you restore, the mapping > > will give userspace what it expects; and if you're going to > > restart in a container with a different mapping, then you'll > > have to convert the filesystem as well since its inodes will > > store kuids, so may as well also convert the kuids in the > > checkpoint image then. > > Agreed (if only I'm not missimg somethig ;) > > Cyrill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists