| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Aug 2013 15:22:42 +0800 From: Gao feng <gaofeng@...fujitsu.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: netdev@...r.kernel.org, systemd-devel@...ts.freedesktop.org, lxc-devel@...ts.sourceforge.net, davem@...emloft.net, Linux Containers <containers@...ts.linux-foundation.org>, "libvir-list@...hat.com" <libvir-list@...hat.com> Subject: Re: [PATCH] netns: unix: only allow to find out unix socket in same net namespace On 08/21/2013 03:06 PM, Eric W. Biederman wrote: > Gao feng <gaofeng@...fujitsu.com> writes: > >> cc libvirt-list >> >> On 08/21/2013 01:30 PM, Eric W. Biederman wrote: >>> Gao feng <gaofeng@...fujitsu.com> writes: >>> >>>> Unix sockets are private resources of net namespace, >>>> allowing one net namespace to access to other netns's unix >>>> sockets is meaningless. >>> >>> Allowing one net namespace to access another netns's unix socket is >>> deliberate behavior. This is a desired and useful feature, and >>> only a misconfiguration of visible files would allow this to be a >>> problem. >>> >>>> I'm researching a problem about shutdown from container, >>>> if the cotainer shares the same file /run/systemd/private >>>> with host, when we run shutdown -h xxx in container, the >>>> shutdown message will be send to the systemd-shutdownd >>>> through unix socket /run/systemd/private, and because >>>> systemd-shutdownd is running in host, so finally, the host >>>> will become shutdown. >>> >>> The simple answer is don't do that then. I can see no reason >>> to share /run outside of the container unless you want this kind of >>> behavior. >>> >>> Quite frankly I want this behavior if I am using network namespaces >>> to support multiple routing contexts. That is if I am using scripts >>> like: >>> >>> ip netns add other >>> ip netns exec other script >>> >>> I don't want to have to remember to say >>> ip netns orig exec shutdown -h now >>> >>> There are more compelling uses and there is no cost in supporting this >>> in the kernel. >>> >>> What kind of misconfiguration caused someone to complain about this? >>> >> >> libvirt lxc allows user to set up a container which shares the same root >> directory with host. >> >> seems like the unix sockets whose sun_path is an abstract socket address >> are net namespace aware. >> >> Should we use "abstract" type of address instead of a file system pathname >> for systemd in this case? > > I suspect libvirt should simply not share /run or any other normally > writable directory with the host. Sharing /run /var/run or even /tmp > seems extremely dubious if you want some kind of containment, and > without strange things spilling through. > right now I only take note of the unix socket /run/systemd/private, but there may have many similar unix sockets, they can exist in any path. the strange problems will still happen. anyway, I will send a patch to setup a fresh tmpfs for the /run directory of container first. Eric, Thanks for your help! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists