On Fri, Dec 6, 2019 at 8:05 PM Jann Horn <jannh@xxxxxxxxxx> wrote: > On Fri, Dec 6, 2019 at 8:03 PM Sargun Dhillon <sargun@xxxxxxxxx> wrote: > > On Fri, Dec 6, 2019 at 6:10 AM Tycho Andersen <tycho@xxxxxxxx> wrote: > > > On Thu, Dec 05, 2019 at 11:44:53PM +0000, Sargun Dhillon wrote: > > > > take action on an FD on behalf of the tracee. For example, this > > > > can be combined with seccomp's user notification feature to extract > > > > a file descriptor and call privileged syscalls, like binding > > > > a socket to a privileged port. > > > > > > This can already be accomplished via injecting parasite code like CRIU > > > does; adding a ptrace() command like this makes it much nicer to be > > > sure, but it is redundant. > > > > > How can you do this if the tracee doesn't have privilege? For example, > > if the tracee doesn't have CAP_SYS_BIND_SERVICE, how could you > > get it to bind to a port that's privileged without taking the file descriptor > > and doing it in a process that does have CAP_SYS_BIND_SERVICE? > > (You can let the parasite send the fd to the tracer via > SCM_CREDENTIALS if you have previously set up a unix domain socket for > this.) Eh, sorry, of course I meant SCM_RIGHTS.
