Linux Container Development
From: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: James Bottomley
	<James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org,
	dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: Keyrings, user namespaces and the user_struct
Date: Wed, 26 Oct 2016 08:37:20 +0100
Message-ID: <30199.1477467440@warthog.procyon.org.uk>
In-Reply-To: <87y41bvhui.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:

> David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:
> 
> > James Bottomley <James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> wrote:
> >
> >> > There's another possibility here - since user_namespaces are
> >> > hierarchical, does it make sense to let a process see keys that are
> >> > in an ancestral namespace?
> >> 
> >> I think that should be the decision of the owner.  If you're creating a
> >> userns to de-privilege the next user, likely you don't want this, but
> >> if you're creating a userns to enhance it, then you do.
> >
> > Maybe the simplest is to put a 'stop here' flag on a user_namespace.  Then
> > when we look to see if a key is in the caller's namespace, we go up the tree
> > until we hit the flag.  If you don't find the key's ns within the caller's
> > permitted subtree, you don't get to see the key.
> 
> Let me just say we already have all of that (in a much nicer format) by
> limiting the set of keys we can access to the set of users visible in
> the user namespace.

Except that we don't.  Users outside of a namespace can see any key that
grants permissions to 'other' - though this is something we don't do by
default.

David
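As an added illustration (not code from this thread or from the kernel), here is a toy C model of the 'stop here' walk sketched above together with the 'other' permission bit that the reply says bypasses it; the struct and function names, the permission bits and the namespace layout are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed permission bits (hypothetical, not the kernel's real KEY_* values). */
#define KEY_USER_VIEW   0x01   /* the owning user may see the key */
#define KEY_OTHER_VIEW  0x02   /* 'other' may see the key */

struct user_ns {
    struct user_ns *parent;    /* NULL for the root namespace */
    bool stop_here;            /* the proposed 'stop here' flag */
};
struct key {
    struct user_ns *ns;        /* namespace the key belongs to */
    unsigned int perm;         /* mask built from the bits above */
};

/* Walk up from the caller's namespace until, and including, the first one
 * flagged 'stop here'; the key's namespace must be met on the way. */
static bool ns_in_permitted_subtree(const struct user_ns *caller, const struct user_ns *target)
{
    for (const struct user_ns *cur = caller; cur; cur = cur->parent) {
        if (cur == target)
            return true;
        if (cur->stop_here)
            break;
    }
    return false;
}

/* Subtree rule first, then the 'other' bit: the second branch is the hole the
 * reply describes, a key granting view to 'other' is visible from any namespace. */
static bool key_visible(const struct user_ns *caller, const struct key *k)
{
    if (ns_in_permitted_subtree(caller, k->ns))
        return true;
    return (k->perm & KEY_OTHER_VIEW) != 0;
}

/* Constructed topology: root -> child (stop_here) -> grandchild. */
static struct user_ns root = { NULL, false };
static struct user_ns child = { &root, true };
static struct user_ns grandchild = { &child, false };
static struct key root_key_private = { &root, KEY_USER_VIEW };
static struct key root_key_other = { &root, KEY_USER_VIEW | KEY_OTHER_VIEW };
static struct key child_key = { &child, KEY_USER_VIEW };

int main(void)
{
    printf("grandchild sees private root key: %d\n", key_visible(&grandchild, &root_key_private));
    printf("grandchild sees 'other' root key: %d\n", key_visible(&grandchild, &root_key_other));
    return 0;
}
```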

