Re: overlayfs: caller_credentials option bypass creator_cred

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/19/2018 07:36 AM, Vivek Goyal wrote:
On Mon, Jun 18, 2018 at 02:59:50PM -0700, Mark Salyzyn wrote:
So in this system all callers are priviliged and have the capability to
mknod and set trusted xattrs.
This is true of the callers that make adjustments (in Android's Case this is an su context provided to the adb tool for sync and push). More importantly the large variety of callers have the passive/read MAC credentials for their domain set of files; where the mounter/creator does not.
  (Amir mentioned the reason why we switch
creds). If not, then file unlink (Should do mknod), lower non-empty directory
rename (should set trusted REDIRECT) and bunch of other operations should fail.

Hmmm, neither was part of my test plan b/c these operations are more esoteric for development ... need to add them and address them.

Thanks all (You, Eric, Amir and private) for your comments, will regroup, test and address concerns!

-- Mark
--
To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Filesystems Devel]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux