lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140912221852.GA18234@mail.hallyn.com>
Date:	Sat, 13 Sep 2014 00:18:52 +0200
From:	"Serge E. Hallyn" <serge@...lyn.com>
To:	Chen Hanxiao <chenhanxiao@...fujitsu.com>
Cc:	containers@...ts.linux-foundation.org,
	linux-kernel@...r.kernel.org,
	Richard Weinberger <richard.weinberger@...il.com>,
	Serge Hallyn <serge.hallyn@...ntu.com>,
	Oleg Nesterov <oleg@...hat.com>,
	David Howells <dhowells@...hat.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [RFC PATCH 0/3] ns, procfs: pid conversion between ns and
 showing pidns hierarchy

Hi,

so the below is just 30 mins worth of playing around, will hang if you give
it bad pids, and requires privilege, but shows how to get pid conversion
in some cases.  Basically it gives you what I had previously suggested
for the query_pid syscall before.

In general, usage is

translatepid reporter_pid dest_pid query_pid

where reporter_pid and dest_pid are pids in your pidns.  It will assume
query_pid is a valid pid in reporter_pid's pidns, and return the pid of
the same process in dest_pid's namespace.

In particular,

if a process in a container (say pid 1, pid 24444 in the host pidns)
reports something about another process (say pid 262) in the container,
and you have a shell (pid 1092) on the host, you can figure out the pid
for 262 in your host pidns using

translatepid $$ 24444 262

or to figure out what pid 25152 on the host is knows as in the
container,

translatepid 24444 $$ 25152

I wonder whether this is enough to give you all you need.  While it
won't be super-fast, you could use and ppid info to figure out who
is pid 1, etc.

#define _GNU_SOURCE             /* See feature_test_macros(7) */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <sys/un.h>
#include <sched.h>
#include <errno.h>

/*
 * general usage:
 *    translatepid reporter_ns_pid dest_ns_pid query_pid
 *
 * reporter_ns_pid and dest_ns_pid are pids in your namespace.
 * query_pid is in reporter_ns_pid's namespace.  The result is
 * in dest_ns_pid's namespace.
 *
 * If you see pid 10064 and want to know what it's vpid
 * is:
 *    translatepid $$ 10064 10064
 * If pid 10064 reported something about a pid 9 in its
 * own ns and you want to know what pid that is in your
 * ns:
 *    translatepid 10064 $$ 9
 *
 * First cpid1, in rpid's pidns, sends us query_pid.
 * Then we send that translated pid to cpid2, in dpid's pidns.
 * It prints out the answer
 */

static int proxyrecv(int sockfd, void *buf, size_t len)
{
	struct timeval tv;
	fd_set rfds;

	FD_ZERO(&rfds);
	FD_SET(sockfd, &rfds);
	tv.tv_sec = 2;
	tv.tv_usec = 0;

	if (select(sockfd+1, &rfds, NULL, NULL, &tv) < 0)
		return -1;
	return recv(sockfd, buf, len, MSG_DONTWAIT);
}

void send_creds(int sock, struct ucred *cred)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	char cmsgbuf[CMSG_SPACE(sizeof(*cred))];
	char buf[1];
	buf[0] = 'p';

	if (proxyrecv(sock, buf, 1) != 1) {
		printf("%s: Error getting reply from server over socketpair",
			  __func__);
		exit(1);
	}

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_CREDENTIALS;
	memcpy(CMSG_DATA(cmsg), cred, sizeof(*cred));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = buf;
	iov.iov_len = sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	if (sendmsg(sock, &msg, 0) < 0) {
		printf("%s: failed at sendmsg: %s", __func__,
			  strerror(errno));
		exit(1);
	}
}

void recv_creds(int sock, struct ucred *cred)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	char cmsgbuf[CMSG_SPACE(sizeof(*cred))];
	char buf[1];
	int ret;
	int optval = 1;

	cred->pid = -1;
	cred->uid = -1;
	cred->gid = -1;

	if (setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &optval, sizeof(optval)) == -1) {
		printf("Failed to set passcred: %s", strerror(errno));
		return;
	}
	buf[0] = '1';
	if (write(sock, buf, 1) != 1) {
		printf("Failed to start write on scm fd: %s", strerror(errno));
		return;
	}

	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = buf;
	iov.iov_len = sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	// retry logic is not ideal, especially as we are not
	// threaded.  Sleep at most 1 second waiting for the client
	// to send us the scm_cred
	ret = recvmsg(sock, &msg, 0);
	if (ret < 0) {
		printf("Failed to receive scm_cred: %s",
			  strerror(errno));
		return;
	}

	cmsg = CMSG_FIRSTHDR(&msg);

	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
			cmsg->cmsg_level == SOL_SOCKET &&
			cmsg->cmsg_type == SCM_CREDENTIALS) {
		memcpy(cred, CMSG_DATA(cmsg), sizeof(*cred));
	}
}

int main(int argc, char *argv[])
{
	pid_t rpid, dpid, qpid;
	pid_t cpid1, cpid2;
	int optval = 1;
	struct ucred u;
	char path[100];
	int fd;

	int sv[2];

	if (argc != 4) {
		printf("Usage: %s report_pid dest_pid query_pid\n", argv[0]);
		exit(1);
	}

	if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) {
		perror("socketpair");
		exit(1);
	}
	rpid = atoi(argv[1]);
	dpid = atoi(argv[2]);
	qpid = atoi(argv[3]);

	if ((cpid1 = fork()) < 0) {
		perror("fork");
		exit(1);
	}
	if (cpid1 == 0) {
		int xpid;
		sprintf(path, "/proc/%d/ns/pid", rpid);
		fd = open(path, O_RDWR);
		if (fd < 0) {
			perror("open of nspid");
			exit(1);
		}
		if (setns(fd, 0) < 0) {
			perror("setns");
			exit(1);
		}
		if ((xpid = fork()) < 0)
			exit(1);
		if (xpid == 0) {
			u.uid = 0;  u.gid = 0;  u.pid = qpid;
			send_creds(sv[0], &u);
		}
		exit(0);
	}
	recv_creds(sv[1], &u);

	close(sv[0]);
	close(sv[1]);

	if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) {
		perror("socketpair");
		exit(1);
	}
	if ((cpid2 = fork()) < 0) {
		perror("fork");
		exit(1);
	}

	if (cpid2 == 0) {
		pid_t xpid;
		sprintf(path, "/proc/%d/ns/pid", dpid);
		fd = open(path, O_RDWR);
		if (fd < 0) {
			perror("open of nspid");
			exit(1);
		}
		if (setns(fd, 0) < 0) {
			perror("setns");
			exit(1);
		}
		if ((xpid = fork()) < 0)
			exit(1);
		if (xpid == 0) {
			recv_creds(sv[1], &u);
			printf("pid is: %d\n", (int) u.pid);
		}
		exit(0);
	}

	send_creds(sv[0], &u);

	waitpid(cpid2, NULL, 0);
	exit(0);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ