From: Mike McCormack <mikem@ring3k.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: oleg@redhat.com, kosaki.motohiro@jp.fujitsu.com,
	serue@us.ibm.com, jmorris@namei.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] proc: Add complete process group list
Date: Wed, 23 Jun 2010 23:49:50 +0900
Message-ID: <4C221F0E.8070502@ring3k.org>
In-Reply-To: <20100622153757.dcb6bda9.akpm@linux-foundation.org>

Andrew Morton wrote:

>> This feature might be useful for a server listening on a unix domain pipe
>>  to determine the list of groups that a client process is in from its pid.
> 
> "might be"?

Well, "would be" :-)

> It would be useful to hear a bit more about usage scenarios, why this
> is needed, etc - some hard info which would justify permanent extension
> of the kernel->userspace API.  How does this get used, why is it
> needed, what are the alternatives, etc.

This will be used in a device with groups permissions checked in userspace.

Say you have a process called "telephony-server", and it talks to a number 
of client processes with different privilege levels via a unix domain socket.

telephony-server might be able to do things which should have different privilege 
levels, like send SMS messages, make phone calls, download firmware to a 3G 
modem, etc.  The client processes would be members of groups reflecting
each privilege.  Depending on the number of similar servers in the system, 
and how fine-grained the privileges are, there might be lots of groups (>32).

telephony-server should be able to allow or deny requests depending on whether
an application is a member of the correct group or not. 

unix sockets can pass credentials, but currently I can only see struct ucred 
(pid, uid and gid) being passed.  Using the pid, /proc/pid/status can be read 
for a list of groups, but it only lists up to 32 groups.

Ways I can see to get the groups for a unix socket peer from its pid all 
mostly require some kernel modification:

* modify kernel to list all groups in /proc/<pid>/status 
    - very long lines become possible in status file
    - no way to know whether you're using an old kernel with 32 group limit
       or new kernel and pid only has 32 groups

* modify kernel to add /proc/<pid>/groups
    - more kernel-userland interface

* implement LOCAL_CREDS for unix domain sockets in Linux
    - work

* limit number of groups to 32
    - limit is imposed by /proc code

* create multiple unix domain sockets per privilege with group r/w only
    - seems like trouble


What do you think?

thanks,

Mike
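
Added illustration, not part of the message above or of the patch: a Linux userspace sketch of the check the message describes, reading struct ucred with SO_PEERCRED and then the Groups: line of /proc/<pid>/status. The function names and PROC_GROUPS_LIMIT are hypothetical, the 32-entry limit is taken from the message, and the status text is constructed sample input.

```python
import socket
import struct

PROC_GROUPS_LIMIT = 32  # limit described in the message; assumed, not probed

# Constructed sample of the relevant part of a /proc/<pid>/status file.
SAMPLE_STATUS = "Name:\tsms-client\nGid:\t100\t100\t100\t100\nGroups:\t20 1001 1002 \n"


def peer_cred(conn):
    """Return (pid, uid, gid) of the peer of a connected AF_UNIX socket."""
    size = struct.calcsize("iII")  # struct ucred: pid_t, uid_t, gid_t
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    return struct.unpack("iII", raw)


def parse_groups(status_text):
    """Return the gids on the 'Groups:' line, in file order."""
    for line in status_text.splitlines():
        if line.startswith("Groups:"):
            return [int(g) for g in line.split()[1:]]
    raise ValueError("no Groups: line in status text")


def check_group(status_text, peer_gid, required_gid):
    """Return 'allow', 'deny', or 'unknown' when the list may be truncated."""
    groups = parse_groups(status_text)
    if required_gid == peer_gid or required_gid in groups:
        return "allow"
    # A full list cannot be told apart from a truncated one, so a miss
    # is not proof of non-membership: fail closed or use another channel.
    if len(groups) >= PROC_GROUPS_LIMIT:
        return "unknown"
    return "deny"


def authorize_peer(conn, required_gid):
    """Server-side decision for one client connection."""
    pid, _uid, gid = peer_cred(conn)
    # Caveat: the pid can be reused if the client exits between
    # SO_PEERCRED and this read; open failures should mean deny.
    with open(f"/proc/{pid}/status") as status:
        return check_group(status.read(), gid, required_gid)


if __name__ == "__main__":
    server_end, client_end = socket.socketpair(socket.AF_UNIX)
    print(peer_cred(server_end))  # this process's own pid, uid, gid
    print(check_group(SAMPLE_STATUS, 100, 1002))
```

Treating "unknown" as a denial keeps the server fail-closed on a kernel where the list may be cut short.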


Thread overview: 6+ messages
2010-06-22 15:07 [PATCH] proc: Add complete process group list Mike McCormack
2010-06-22 16:04 ` Oleg Nesterov
2010-06-22 22:37 ` Andrew Morton
2010-06-23 14:49   ` Mike McCormack [this message]
2010-06-24  2:41     ` KOSAKI Motohiro
2010-06-23  0:10 ` KOSAKI Motohiro
