"Serge E. Hallyn" <[email protected]> writes:
> Quoting Eric W. Biederman ([email protected]):
>> Dave Hansen <[email protected]> writes:
>>
>> > On Thu, 2006-07-13 at 12:14 -0600, Eric W. Biederman wrote:
>> >> Maybe. I really think the sane semantics are in a different uid namespace.
>> >> So you can't assumes uids are the same. Otherwise you can't handle open
>> >> file descriptors or files passed through unix domain sockets.
>> >
>> > Eric, could you explain this a little bit more? I'm not sure I
>> > understand the details of why this is a problem?
>>
>> Very simply.
>>
>> In the presence of a user namespace.
>> All comparisons of a user equality need to be of the tuple (user namespace,
> user id).
>> Any comparison that does not do that is an optimization.
>>
>> Because you can have access to files created in another user namespace it
>> is very unlikely that optimization will apply very frequently. The easy
> scenario
>> to get access to a file descriptor from another context is to consider unix
>> domain sockets.
>
> What does that have to do with uids? If you receive an fd, uids don't
> matter in any case. The only permission checks which happen are LSM
> hooks, which should be uid-agnostic.
You are guest uid 0. You get a directory file descriptor from another namespace.
You call fchdir.
If you permission checks are not (user namespace, uid) what can't you do?
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
