Hello,
I've been working on introducing user namespaces (i.e. containers) to ABRT
core_pattern helper. I've learned that I must not trust anybody, thus I must not
run any command from the crashing process' root directory. I've also learned it
is not safe to run 'rpm --root /proc/[pid]/root -qf /the/executable'.
However I want to teach ABRT to get rpm package data from the container. I
believe users will appreciate it.
So I got the idea to run 'rpm' from the crashing process' root directory without
root privileges.
I plan to run the following command from ABRT core_pattern helper:
/usr/bin/nsenter \
-t $PID
-S $(id nobody -u)
-G $(id nobody -g)
-w/tmp
-m
--
/usr/bin/rpm
-qf
--qf $ABRT_RPM_FORMAT
$EXECUTABLE
The command enters the $PID's mount namespace, sets UID and GID to nobody (I use
the nobody user because I don't want to introduce another single purpose user -
maybe it is not a good idea) and runs rpm.
Are there any security problems with it?
Thank you for reading my email.
Regards,
Jakub
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/security@xxxxxxxxxxxxxxxxxxxxxxx
