From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
James Bottomley
<James.Bottomley-JuX6DAaQMKPCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>,
LSM List
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: Keyrings, user namespaces and the user_struct
Date: Wed, 26 Oct 2016 01:48:59 -0500
Message-ID: <877f8vtxk4.fsf@xmission.com>
In-Reply-To: <87shrju031.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> (Eric W. Biederman's message of "Wed, 26 Oct 2016 00:54:26 -0500")
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) writes:
> David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:
>
>> Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> wrote:
>>
>>> ... Perhaps we could simply *remove* the concept of named keys and keyrings.
>>
>> See Linus's dictum about breaking userspace.
>>
>> The problem isn't named keys: keys have to be named - the description is how
>> they're looked up typically. Further, non-keyring keys can't be looked up
>> directly by name - you have to search for them in a keyring.
>>
>> The issue here is named keyrings and keyctl_join_session_keyring(). It might
>> well have been a bad idea - though I've seen some people arguing for a single
>> session keyring shared across all a user's logins, in which case, we might
>> want this after all (or use the user-default session).
>>
>> One thing we perhaps do want to do, though, is restrict the names of keyrings
>> to the user_namespace in which the keyring was created.
>
> Grr...
>
> The first round of user namespace support had actually restricted the
> description lookup to a single user namespace. Then I missed a detail
> and converted the code to its current form. Ooops!
>
> I think the answer for all of the issues raised in this conversation is
> to just make the keyring names and the keyring name lookup per user
> namespace.
>
> Maybe a few small additional tweaks to install_user_keyrings to notice
> if we have the user keyring from the wrong user namespace.
>
> Something like the untested patch below.
Ugh, but that approach runs into the fact that the uid_keyring lives
in user_struct.
So in the short term it is probably better to use the uid in the initial
user namespace in install_user_keyrings. Then in
keyctl_join_session_keyring look for names that start with _uid. and
_uid_ses. and change the strings to have the numbers in the initial user
namespace instead of the current user namespace.
That would be the smallest change we could make, that would result
in correct code.
Eric
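As an added user-space sketch (not code from this thread or from the kernel) of the rewrite Eric describes: a keyring name beginning with _uid. or _uid_ses. has its number translated into the initial user namespace before lookup, so the same name in two namespaces cannot collide. The uid_map struct, to_init_uid and demo_map are constructed stand-ins for the kernel's uid_map and from_kuid(); canonicalize_keyring_name and rewrites_to are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for one uid_map line of a user namespace: uids
 * [inner_first, inner_first+count) here map to [outer_first, ...) in init. */
struct uid_map { unsigned long inner_first, outer_first, count; };
/* Hypothetical analogue of from_kuid(&init_user_ns, make_kuid(ns, uid)):
 * the initial-namespace uid, or -1 if `uid` has no mapping. */
static long to_init_uid(const struct uid_map *m, unsigned long uid)
{
    unsigned long off = uid - m->inner_first;
    return (uid >= m->inner_first && off < m->count) ? (long)(m->outer_first + off) : -1;
}
/* Rewrite "_uid.<n>" / "_uid_ses.<n>" so <n> is the initial-namespace uid;
 * any other name is copied unchanged. Returns 0 or a negative errno. */
int canonicalize_keyring_name(const struct uid_map *m, const char *name,
                              char *out, size_t outlen)
{
    static const char *const prefixes[] = { "_uid_ses.", "_uid." };
    for (size_t i = 0; i < 2; i++) {
        size_t plen = strlen(prefixes[i]);
        if (strncmp(name, prefixes[i], plen) != 0)
            continue;
        const char *num = name + plen;
        char *end; errno = 0;
        unsigned long uid = strtoul(num, &end, 10);
        /* Require a plain decimal suffix: no sign, no trailing junk, no overflow. */
        if (!isdigit((unsigned char)*num) || *end != '\0' || errno != 0)
            return -EINVAL;
        long init_uid = to_init_uid(m, uid);
        if (init_uid < 0)
            return -ENOENT;   /* unmapped uid: refuse rather than guess */
        return snprintf(out, outlen, "%s%ld", prefixes[i], init_uid) >= (int)outlen ? -ENAMETOOLONG : 0;
    }
    return snprintf(out, outlen, "%s", name) >= (int)outlen ? -ENAMETOOLONG : 0;
}

/* Constructed demo map (uids 0..65535 here are 100000..165535 in init) and a
 * check helper: 1 if `name` canonicalizes to `expected` under it, else 0. */
static const struct uid_map demo_map = { 0, 100000, 65536 };
int rewrites_to(const char *name, const char *expected)
{
    char buf[64];
    return canonicalize_keyring_name(&demo_map, name, buf, sizeof buf) == 0
        && strcmp(buf, expected) == 0;
}
```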