Re: [5/8] syscall_cred() a system call that receives alternate CREDs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I do agree with Boaz and Jim. Being capable of "mascarading" a syscall with someone's credential would be really useful. In particular, in the Ganesha's scope, it is required to properly managed quota (you need to create inodes and write to files as the user if you want those inodes and blocks to be added to the right user's bill). 

    Philippe

On 04/08/13 12:36, Boaz Harrosh wrote:

From: Jim Lieb <jlieb@xxxxxxxxxxx>

In current NFS Server (Ganesha) lots of operation becomes 6 syscalls
(Or is it 7?)

- setfsuid(), setfsgid(), thread_setgroups()
- The OP
- Revert setfsuid(), setfsgid() to root

This is because if we do all these file operations as root then
FS will not account for the quota a user have on create files,
data space, and so on.
(Note that permission checking is done by Ganesha core, because
  We may cache open fd(s) and such not, another topic)

We could maybe with hard work save the last two calls for reverting
to root, but this will force us to audit lots of code that we are
not prepared to do right now. And will not save us much.

[thread_setgroups()]
thread_setgroups() is what we use at Ganesha and what Samaba guys use
for a per-thread setgroups() call. In the Linux Kernel the setgroups is
actually always per thread. It is only the POSIX (crap) pthread layer
at glibc that intercepts the setgroups() call (and others), Iterates on
all threads that belong to a process, and calls the native Kernel setgroups
on them. So thread_setgroups() is just the raw syscall bypassing glibc's
processing. We will eventually push this API to glibc.
BTW: this is done exactly the same on FreeBSD, with same exact glibc intervention.

[Proposed]
What Jim proposed is a syscall that receives a struct that has
the regular syscalls parameters plus the creds structure with fsuid/fsgid and
groups array. Kernel will set these in, call the original syscall, and revert.
This will be done on only an interested subset of the syscalls that are one -
are related to filesystems (setfsXid) and two - are of interest to us Servers.

Jim care to scribble a structure definition?

Thanks
Boaz



--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux