From: "Serge E. Hallyn" <serue@us.ibm.com>
To: James Morris <jmorris@redhat.com>
Cc: David Howells <dhowells@redhat.com>,
Andrew Morton <akpm@osdl.org>,
Linux Containers <containers@lists.osdl.org>,
lkml <linux-kernel@vger.kernel.org>
Subject: [PATCH 3/3] user namespaces: reset task's credentials on CLONE_NEWUSER
Date: Fri, 3 Oct 2008 20:37:31 -0500
Message-ID: <20081004013731.GB2272@us.ibm.com>
In-Reply-To: <20081004013644.GA24104@us.ibm.com>
Currently, creating a new user namespace does not reset
the task's uid or gid. Since generally that is done as
root because it requires CAP_SYS_ADMIN, and since the
first uid in the new namespace is 0, one usually doesn't
notice. However, if one does
capset cap_sys_admin=ep ns_exec
su - hallyn
ns_exec -U /bin/sh
id
then one will see hallyn's userid, and all preexisting
groups.
With this patch, cloning a new user namespace will set
the task's uid and gid to 0, and reset the group_info to
the empty set assigned to init.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
---
kernel/user_namespace.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
4a159b503ed06f6d999b80680538a51ee39d6bd5
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index d59f193..3fbf520 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -9,6 +9,7 @@
#include <linux/nsproxy.h>
#include <linux/slab.h>
#include <linux/user_namespace.h>
+#include <linux/init_task.h>
/*
* Clone a new ns copying an original user ns, setting refcount to 1
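Review bot: the new include breaks the alphabetical order of the list above it (nsproxy.h, slab.h, user_namespace.h); move `#include <linux/init_task.h>` up so it sits before `#include <linux/nsproxy.h>`.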
@@ -47,6 +48,17 @@ int create_new_userns(int flags, struct
put_user_ns(ns);
task_switch_uid(tsk, ns->root_user);
+ tsk->uid = tsk->euid = tsk->suid = tsk->fsuid = 0;
+ tsk->gid = tsk->egid = tsk->sgid = tsk->fsgid = 0;
+
+ /* this can't be safe for unshare, can it? it's safe
+ * for fork, though. I'm tempted to limit clone_newuser to
+ * fork only */
+ task_lock(tsk);
+ put_group_info(tsk->group_info);
+ tsk->group_info = &init_groups;
+ get_group_info(tsk->group_info);
+ task_unlock(tsk);
return 0;
}
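Review bot: the question left in the new comment ("this can't be safe for unshare, can it?") should be settled before this goes in rather than shipped as a comment: either have create_new_userns (or its caller) refuse CLONE_NEWUSER on the unshare path, as the comment itself is "tempted" to do, or state why swapping group_info under task_lock is also fine for an already-running task. Separately, the eight stores on the lines `tsk->uid = tsk->euid = tsk->suid = tsk->fsuid = 0;` and `tsk->gid = tsk->egid = tsk->sgid = tsk->fsgid = 0;` are done outside task_lock while the group_info swap right below them is inside it; if the lock is what makes the group_info swap safe against concurrent readers, the uid/gid writes deserve the same treatment (move them inside the task_lock/task_unlock pair), or a comment on why plain stores suffice there.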
--
1.1.6
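As an added example (not part of this patch or the thread), the check below probes what a task actually sees after creating a user namespace, the same observation the commit message makes with `ns_exec -U /bin/sh; id`. It is written for a current kernel, whose behaviour differs from the 2008 code above: the creator's uid/gid are not reset to 0; instead the new namespace starts with no id mapping, so getuid()/getgid() report the overflow ids (from /proc/sys/kernel/overflowuid, normally 65534) until a uid_map/gid_map is written, and the supplementary group list is carried over unchanged rather than being replaced by init_groups. The probe forks a child, has it call unshare(CLONE_NEWUSER), and ships the child's view back over a pipe; a sandbox that forbids unprivileged user namespaces makes it return -errno instead of failing. All function and struct names here are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000   /* value from <linux/sched.h> */
#endif
extern int unshare(int flags);     /* glibc wrapper; prototype repeated in case
                                      _GNU_SOURCE did not reach <sched.h> */

/* One task's view of its own credentials (example struct, not a kernel type). */
struct cred_view {
    uid_t uid, euid;
    gid_t gid, egid;
    int ngroups;            /* supplementary group count, -1 if getgroups failed */
    char uid_map[128];      /* first line of /proc/self/uid_map, "" when unmapped */
};

/* /proc/sys/kernel/overflowuid: what getuid() reports for an unmapped id. */
uid_t overflow_uid(void)
{
    unsigned long v = 65534;          /* kernel default */
    FILE *f = fopen("/proc/sys/kernel/overflowuid", "r");
    if (f) {
        if (fscanf(f, "%lu", &v) != 1)
            v = 65534;
        fclose(f);
    }
    return (uid_t)v;
}

static void snapshot(struct cred_view *v)
{
    memset(v, 0, sizeof *v);
    v->uid = getuid();  v->euid = geteuid();
    v->gid = getgid();  v->egid = getegid();
    v->ngroups = getgroups(0, NULL);
    FILE *f = fopen("/proc/self/uid_map", "r");
    if (f) {
        if (!fgets(v->uid_map, sizeof v->uid_map, f))
            v->uid_map[0] = '\0';
        v->uid_map[strcspn(v->uid_map, "\n")] = '\0';
        fclose(f);
    }
}

static int read_full(int fd, void *buf, size_t len)
{
    char *p = buf;
    while (len) {
        ssize_t n = read(fd, p, len);
        if (n <= 0)
            return -1;
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Fill *before with the caller's view and *after with a child's view from inside
 * a fresh user namespace.  Returns 0, or -errno if the namespace could not be
 * created (e.g. -EPERM / -ENOSPC under a restrictive sysctl, -EIO if the child
 * died before reporting, as a seccomp SIGSYS would cause). */
int probe_new_userns(struct cred_view *before, struct cred_view *after)
{
    int fds[2];
    if (pipe(fds) < 0)
        return -errno;
    snapshot(before);

    pid_t pid = fork();
    if (pid < 0) {
        int e = errno;
        close(fds[0]); close(fds[1]);
        return -e;
    }
    if (pid == 0) {
        close(fds[0]);
        int err = 0;
        if (unshare(CLONE_NEWUSER) < 0)
            err = errno;
        struct cred_view v;
        snapshot(&v);                 /* taken inside the new namespace */
        if (write(fds[1], &err, sizeof err) != (ssize_t)sizeof err ||
            write(fds[1], &v, sizeof v) != (ssize_t)sizeof v)
            _exit(2);
        _exit(0);
    }
    close(fds[1]);
    int err = 0, status;
    struct cred_view v;
    int ok = read_full(fds[0], &err, sizeof err) == 0 &&
             read_full(fds[0], &v, sizeof v) == 0;
    close(fds[0]);
    waitpid(pid, &status, 0);
    if (!ok)
        return -EIO;
    if (err)
        return -err;
    *after = v;
    return 0;
}

int main(void)
{
    struct cred_view b, a;
    int r = probe_new_userns(&b, &a);
    if (r < 0) {
        fprintf(stderr, "CLONE_NEWUSER unavailable here: %s\n", strerror(-r));
        return 1;
    }
    printf("before: uid=%u gid=%u groups=%d map='%s'\n", b.uid, b.gid, b.ngroups, b.uid_map);
    printf("after:  uid=%u gid=%u groups=%d map='%s'\n", a.uid, a.gid, a.ngroups, a.uid_map);
    return 0;
}
```

Run it as an ordinary user: the "after" line shows uid and gid equal to the overflow id, an empty uid_map, and the same supplementary group count as "before", which is the current kernel's answer to the problem this patch attacks by zeroing the ids and installing init_groups.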
Thread overview:
2008-10-04 1:36 [PATCH 1/3] user namespaces: introduce user_struct->user_namespace relationship Serge E. Hallyn
2008-10-04 1:37 ` [PATCH 2/3] user namespaces: move user_ns from nsproxy into user struct Serge E. Hallyn
2008-10-04 1:37 ` Serge E. Hallyn [this message]
2008-10-05 21:50 ` [PATCH 1/3] user namespaces: introduce user_struct->user_namespace relationship James Morris
2008-10-06 14:11 ` Serge E. Hallyn
2008-10-06 21:50 ` James Morris
2008-10-07 17:05 ` Serge E. Hallyn
[not found] ` <20081007170539.GA525-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-07 21:08 ` James Morris
2008-10-07 21:08 ` James Morris
2008-08-26 18:53 Serge E. Hallyn
2008-08-26 18:56 ` [PATCH 3/3] user namespaces: reset task's credentials on CLONE_NEWUSER Serge E. Hallyn