Re: Re: [PATCH 1/3] switch_creds: Syscall to switch creds for file server ops

On Thursday, October 17, 2013 02:20:50 Al Viro wrote:
> On Wed, Oct 16, 2013 at 06:18:16PM -0700, Eric W. Biederman wrote:
> > That doesn't look bad but it does need capable(CAP_SETUID) &&
> > capable(CAP_SETGID) or possibly something a little more refined.
> 
> D'oh
> 
> > I don't think we want file descriptor passing to all of a sudden become
> > a grant of privilege, beyond what the passed fd can do.
> 
> Definitely.  And an extra ) to make it compile wouldn't hurt either...

Ok, I'll rework this, dropping the void arg etc.  How about this:

1. have one arg, the fd, i.e. SYSCALL_DEFINE1(switch_cred, int, fd)

2. if the fd >= 0 do the override in my "use the fd" variation.  This would do 
the capability check after the valid fd check.  This means that you must have
privs to mess with privs.  Returns 0 or either EBADF or EPERM.

3. if the fd == -1 do the revert case.  The reason for this is there are 4 
syscalls needed to change the creds and each has an error return.  We need
a way to escape the damage and a revert to the real creds set is the best way 
to return to a known state.  This does not require a capability check because
all that can happen is to return to the immutable real set.  Also, I don't 
need the initial open of /dev/null.

Does this fit?

Jim
-- 
Jim Lieb
Linux Systems Engineer
Panasas Inc.

"If ease of use was the only requirement, we would all be riding tricycles"
- Douglas Engelbart 1925–2013
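
The check ordering proposed in points 1-3 above, as a user-space model. This is an added example, not code from the patch or from anyone in the thread. The struct layouts, the fd table, the sample uid/gid values and the treatment of negative fds other than -1 as EBADF are assumptions made for illustration.

```c
/* User-space model of the proposed switch_cred(fd) semantics.
 * All types, names and sample values are constructed for illustration. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define NFDS 4
struct cred_model { unsigned uid, gid; };
struct fd_model   { bool open; struct cred_model cred; };
struct task_model {
    struct cred_model real;       /* immutable real credential set */
    struct cred_model effective;  /* what file operations run as */
    bool cap_setuid, cap_setgid;  /* stand-ins for capable(CAP_SETUID/CAP_SETGID) */
    struct fd_model fds[NFDS];    /* credentials held behind each fd */
};

static struct task_model demo;    /* constructed sample task */

/* Server running as 48:48, with fd 1 carrying credentials 1000:1000. */
void reset_demo(bool privileged)
{
    demo = (struct task_model){ .real = {48, 48}, .effective = {48, 48},
        .cap_setuid = privileged, .cap_setgid = privileged };
    demo.fds[1] = (struct fd_model){ true, {1000, 1000} };
}

/* Returns 0, -EBADF or -EPERM. */
int switch_cred_model(struct task_model *t, int fd)
{
    if (fd == -1) {               /* revert: needs no capability */
        t->effective = t->real;
        return 0;
    }
    /* Assumption: any other negative or unopened fd is EBADF. */
    if (fd < 0 || fd >= NFDS || !t->fds[fd].open)
        return -EBADF;            /* fd validity is checked first */
    if (!(t->cap_setuid && t->cap_setgid))
        return -EPERM;            /* then "privs to mess with privs" */
    t->effective = t->fds[fd].cred;
    return 0;
}

int main(void)
{
    reset_demo(false);
    printf("unprivileged override: %d\n", switch_cred_model(&demo, 1));
    reset_demo(true);
    printf("privileged override:   %d\n", switch_cred_model(&demo, 1));
    printf("revert:                %d\n", switch_cred_model(&demo, -1));
    return 0;
}
```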