From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 4/7] syscalls/kill05: Use any two unprivileged users
Date: Mon, 6 Sep 2021 15:02:04 +0200
Message-ID: <YTYRTG9uXJdUaGtg@yuki>
In-Reply-To: <YTYOpPM5uupQrayf@yuki>
Hi!
> > We could just use UID 1 and 2 for this test but I'd rather not assume
> > that set*uid() functions allow setting unused UIDs. Even if it works
> > now, it could easily break in the future or on some special system auth
> > backends.
>
> Don't we already depend on being able to use unused GID? How is this
> different?
Hmm, we pass the unused GID mostly to chown(), but still.

The Linux manual page specifies that setuid() may fail to change if
the UID is not valid inside a namespace, that means that either there is
no UID map or a particular UID is missing from the UID map. So reading
/etc/passwd hypothetically helps if we are inside of a tight container
and /etc/passwd matches the UID map, but I'm not sure if this is worth
the effort.
--
Cyril Hrubis
chrubis@suse.cz
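
Added example, not part of the original message and not LTP code: a check of whether a candidate UID is present in a user namespace's UID map, which is the condition the message above ties setuid() failure to. The function names are hypothetical, and the map format assumed is the three-column "inside-start outside-start length" layout of /proc/<pid>/uid_map.

```c
#include <stdio.h>

/*
 * Return 1 if uid lies inside any extent of a uid_map text, else 0.
 * Each line of /proc/<pid>/uid_map is "inside-start outside-start length".
 * An empty map (no lines) maps nothing.
 */
int uid_is_mapped(const char *map_text, unsigned long uid)
{
	unsigned long inside, outside, len;
	int used;

	while (sscanf(map_text, "%lu %lu %lu%n", &inside, &outside, &len, &used) == 3) {
		if (uid >= inside && uid - inside < len)
			return 1;
		map_text += used;
	}
	return 0;
}

/* Check uid against the calling process's own namespace; -1 on read error. */
int uid_mapped_in_current_ns(unsigned long uid)
{
	char buf[4096];
	size_t n;
	FILE *f = fopen("/proc/self/uid_map", "r");

	if (!f)
		return -1;
	n = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[n] = '\0';
	return uid_is_mapped(buf, uid);
}

int main(void)
{
	/* UID 1 and 2 are the candidates mentioned in the quoted text. */
	unsigned long candidates[] = { 1, 2 };
	size_t i;

	for (i = 0; i < sizeof(candidates) / sizeof(candidates[0]); i++)
		printf("uid %lu mapped here: %d\n", candidates[i],
		       uid_mapped_in_current_ns(candidates[i]));
	return 0;
}
```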
--
Mailing list info: https://lists.linux.it/listinfo/ltp