[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87bodww9hv.fsf@xmission.com>
Date: Fri, 14 Dec 2012 14:32:12 -0800
From: ebiederm@...ssion.com (Eric W. Biederman)
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
containers@...ts.linux-foundation.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...capital.net>,
linux-security-module@...r.kernel.org
Subject: Re: [RFC][PATCH] Fix cap_capable to only allow owners in the parent user namespace to have caps.
"Serge E. Hallyn" <serge@...lyn.com> writes:
> Quoting Eric W. Biederman (ebiederm@...ssion.com):
>> A child user namespace having capabilities against processes in it's
>> parent seems totally bizarre and pretty dangerous from a capabilities
>> standpoint.
>
> How would it have them against its parent?
init_user_ns
userns a --- created by kuid 1
userns b -- created by kuid 2
process c in userns b with kuid 1
Serge read the first permisison check in common_cap.
Think what happens in the above example.
For the rest I understand your concern.
Serge please read and look at the patches I have posted to fix
the issues Andy found with the user namespace tree. Especially
the fix to commit_creds.
After you have looked at the patches to fix the issues I will
be happy to discuss things further with you.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists