From: "Serge E. Hallyn" <serue@us.ibm.com>
To: lkml <linux-kernel@vger.kernel.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	Andrew Morton <akpm@osdl.org>
Subject: [PATCH 3/3] user namespaces: reset task's credentials on CLONE_NEWUSER
Date: Tue, 26 Aug 2008 13:56:06 -0500
Message-ID: <20080826185605.GC338@us.ibm.com>
In-Reply-To: <20080826185341.GA338@us.ibm.com>

Currently, creating a new user namespace does not reset
the task's uid or gid.  Since generally that is done as
root because it requires CAP_SYS_ADMIN, and since the
first uid in the new namespace is 0, one usually doesn't
notice.  However, if one does

	capset cap_sys_admin=ep ns_exec
	su - hallyn
	  ns_exec -U /bin/sh
	  id

then one will see hallyn's userid, and all preexisting
groups.

With this patch, cloning a new user namespace will set
the task's uid and gid to 0, and reset the group_info to
the empty set assigned to init.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
---
 kernel/user_namespace.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index d59f193..16e6296 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -10,6 +10,9 @@
 #include <linux/slab.h>
 #include <linux/user_namespace.h>
 
+/* defined in kernel/sys.c */
+extern struct group_info init_groups;
+
 /*
  * Clone a new ns copying an original user ns, setting refcount to 1
  * @old_ns: namespace to clone
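
Review bot: the bare extern for init_groups at the top of kernel/user_namespace.c should live in a shared header instead of the .c file. With only a comment ("defined in kernel/sys.c") tying the two together, the compiler cannot check this declaration against the definition, so a later type change in sys.c would go unnoticed here. Declare it once in a header that both files include and drop the local extern.
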
@@ -47,6 +50,17 @@ int create_new_userns(int flags, struct task_struct *tsk)
 	put_user_ns(ns);
 
 	task_switch_uid(tsk, ns->root_user);
+	tsk->uid = tsk->euid = tsk->suid = tsk->fsuid = 0;
+	tsk->gid = tsk->egid = tsk->sgid = tsk->fsgid = 0;
+
+	/* this can't be safe for unshare, can it?  it's safe
+	 * for fork, though.  I'm tempted to limit clone_newuser to
+	 * fork only */
+	task_lock(tsk);
+	put_group_info(tsk->group_info);
+	tsk->group_info = &init_groups;
+	get_group_info(tsk->group_info);
+	task_unlock(tsk);
 
 	return 0;
 }
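
Review bot: the open question in the comment above task_lock() ("this can't be safe for unshare, can it?") needs an answer before this is merged: either restrict CLONE_NEWUSER to the fork path in code or explain why the unshare case is safe, and take the question out of the source. Separately, the uid/gid assignments sit outside task_lock() while the group_info swap is inside it, and put_group_info() drops the old reference before tsk->group_info points at init_groups. Taking the reference on init_groups first, swapping the pointer, and putting the old group_info last would avoid tsk->group_info ever naming an object whose reference has already been dropped.
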
-- 
1.5.4.3

