Message-ID: <519A3693.8020006@parallels.com>
Date:	Mon, 20 May 2013 18:43:31 +0400
From:	Stanislav Kinsbursky <skinsbursky@...allels.com>
To:	Oleg Nesterov <oleg@...hat.com>
CC:	<akpm@...ux-foundation.org>, <jlayton@...hat.com>,
	<lucas.demarchi@...fusion.mobi>, <rusty@...tcorp.com.au>,
	<linux-kernel@...r.kernel.org>, <bfields@...ldses.org>,
	<viro@...iv.linux.org.uk>, <bharrosh@...asas.com>,
	<devel@...nvz.org>
Subject: Re: [RFC PATCH] kmod: add ability to swap root in usermode helper

20.05.2013 17:57, Oleg Nesterov wrote:
> On 05/20, Stanislav Kinsbursky wrote:
>>
>> Usermode helper executes all binaries in global "init" root context. This
>> doesn't allow to call the binary from other root (for example in a
>> container).
>> Currently, containerized NFS server requires an ability to execute a binary in
>> another context than "init" root (UMH is used for client recovery tracking).
>> This patch adds root swap to ____call_usermodehelper(), if non-NULL root was
>> passed as a part of subprocess_info data,
>
> Why do we need the new member/arguments?
>
>> @@ -215,6 +216,9 @@ static int ____call_usermodehelper(void *data)
>>   	 */
>>   	set_user_nice(current, 0);
>>
>> +	if (sub_info->root)
>> +		set_fs_root(current->fs, sub_info->root);
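
Review bot: the added set_fs_root(current->fs, sub_info->root) call changes only the root of the helper; nothing in the visible lines updates its working directory, so pwd would still refer to a path under the original "init" root after the swap. Consider setting pwd to the same path in the same branch (for example with set_fs_pwd()), so the helper starts fully inside the new root. The hunk also does not say who holds the reference on sub_info->root or how long it must stay valid; a short comment next to the check stating that the caller keeps the path pinned until the helper has run would make the lifetime rule reviewable.
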
>
> Can't subprocess_info->init() do this? You can pass root as ->data.
>
> IOW, unless I missed something, nfs can do this without any changes
> in kmod.c.
>
> Oleg.
>

Thanks for the comment.
Yes, it definitely can. But NFS server is not the only place. Usermode helper is
called from NFS client code and thus the same functionality is required there as well.
Moreover, set_fs_root() is not exported.
And adding an ability of a root swap to usermode helper looks quite logical. At least from the
"containers" point of view, which usually have their own root.

-- 
Best regards,
Stanislav Kinsbursky