From: Jan Hudec <bulb@ucw.cz>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: hbryan@us.ibm.com, ericvh@gmail.com, hch@infradead.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
smfrench@austin.rr.com
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
Date: Fri, 13 May 2005 09:19:24 +0200
Message-ID: <20050513071924.GA9667@vagabond>
In-Reply-To: <E1DWT0t-0000of-00@dorka.pomaz.szeredi.hu>
On Fri, May 13, 2005 at 07:47:07 +0200, Miklos Szeredi wrote:
> > > 2) Not giving up suid for cloned and propagated mounts, but having
> > > extra limitations (suid/sgid programs cannot access unprivileged
> > > "synthetic" mounts)
> >
> > (2) isn't realistic. There's no such thing as a suid program. Suid is a
> > characteristic of a _file_. There's no way to know whether a given
> > executing program is running with privileges that came from a suid file
> > getting exec'ed. Bear in mind that that exec could be pretty remote --
> > done by a now-dead ancestor with three more execs in between.
> >
> > Many user space programs contain hacks to try to discern this information,
> > and they often cause me headaches and I have to fix them. The usual hacks
> > are euid==uid, euid==suid, and/or euid==0. It would be an order of
> > magnitude worse for the kernel to contain such a hack.
>
> Guess what? It's already there. Look in ptrace_attach() in
> kernel/ptrace.c
>
> You could argue about the usefulness of ptrace. The point is, that
> suid/sgid programs _can_ be discerned, and ptrace _needs_ to discern
> them.
It actually neither needs to, nor does. For ptrace the definition is:
  If the tracee has different privileges than the tracer, then it
  can't be traced.
For this definition, the check is not a hack. It's the only way to go.
Now this definition is really what is needed for the filesystem case
too, so I think it's not a hack either.
> And for the same reason, user controlled filesystems also need to do
> this check. See Documentation/filesystems/fuse.txt in -mm and later
> discussion in this thread for more information.
-------------------------------------------------------------------------------
Jan 'Bulb' Hudec <bulb@ucw.cz>
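
The distinction drawn in this message, as an added example that is not part of the original mail and is not kernel code: a user-space C model of a relative check (the tracee's ids compared with the tracer's) next to the absolute euid != uid heuristic quoted earlier in the thread. The struct, the function names and the sample tasks are hypothetical, and the capability and the dumpable state are reduced to booleans.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space model of task credentials; not a kernel structure. */
struct cred_model {
    unsigned uid, euid, suid;   /* real, effective, saved user id */
    unsigned gid, egid, sgid;   /* real, effective, saved group id */
    bool dumpable;              /* cleared when ids change across a suid/sgid exec */
};

/* Relative check: the tracee may be attached only if all of its ids equal the
 * tracer's real ids and it is still dumpable, or the tracer has CAP_SYS_PTRACE. */
bool may_attach(const struct cred_model *tracer, bool cap_sys_ptrace,
                const struct cred_model *tracee)
{
    if (cap_sys_ptrace)
        return true;
    if (tracer->uid != tracee->uid || tracer->uid != tracee->euid ||
        tracer->uid != tracee->suid)
        return false;
    if (tracer->gid != tracee->gid || tracer->gid != tracee->egid ||
        tracer->gid != tracee->sgid)
        return false;
    return tracee->dumpable;
}

/* Absolute heuristic quoted in the thread: "is suid" when euid != uid. */
bool looks_suid(const struct cred_model *t) { return t->euid != t->uid; }

/* Constructed sample tasks (uid 1000 / gid 100 is the unprivileged user). */
const struct cred_model alice     = {1000, 1000, 1000, 100, 100, 100, true};
const struct cred_model own_proc  = {1000, 1000, 1000, 100, 100, 100, true};
const struct cred_model suid_root = {1000, 0, 0, 100, 100, 100, false};
const struct cred_model full_root = {0, 0, 0, 100, 100, 100, false};          /* suid, then setuid(0) */
const struct cred_model dropped   = {1000, 1000, 1000, 100, 100, 100, false}; /* suid, then dropped ids */

int main(void)
{
    const struct cred_model *t[] = {&own_proc, &suid_root, &full_root, &dropped};
    const char *name[] = {"own_proc", "suid_root", "full_root", "dropped"};
    for (int i = 0; i < 4; i++)
        printf("%-10s looks_suid=%d may_attach=%d\n", name[i],
               looks_suid(t[i]), may_attach(&alice, false, t[i]));
    return 0;
}
```

The `full_root` and `dropped` rows are the cases where the two approaches diverge: the heuristic reports nothing unusual, while the comparison against the tracer still refuses the attach.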