Re: [RCF] [PATCH] unprivileged mount/umount

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bryan Henderson wrote:
> 2) after the private mount, don't let a program that has gained privileges 
> via set-uid see the user-made names.
> 
> My point is still that (2) can't be done because you can't know that a 
> program has gained privileged via set-uid.
> 
> If it's really not about set-uid, but about ptrace-like privilege 
> borrowing, please enlighten me.

Note that not all setuid programs gain *capabilities*.

You appear to be talking about setuid-root, but there is also
setuid-some-other-user, where the capabilities don't change but the
priveleges switch to those of another uid.

The right thing to do in that case is tricky.  For example, suppose
you have a program that's setuid to the "printer" user, which can copy
the caller's file to the printer queue directories in
/var/spool/printer.  Ideally, that program should be able to read the
calling user's file, looking up the path in the calling user's
namespace (that's important, because the path is provided by the
calling user), and then write to /var/spool/printer.  (*Really*
ideally /var/spool/printer wouldn't be visible in the calling user's
namespace, but that sort of design is straying far indeed from a unix
model).

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux