From: Andi Kleen <andi@firstfloor.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Will Drewry <wad@chromium.org>, Andi Kleen <andi@firstfloor.org>,
linux-kernel@vger.kernel.org,
Alexander Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Roland McGrath <roland@redhat.com>,
Neil Horman <nhorman@tuxdriver.com>,
containers@lists.linux-foundation.org,
Eugene Teo <eteo@redhat.com>, Tejun Heo <tj@kernel.org>,
Serge Hallyn <serue@us.ibm.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH][RFC] v2 exec: move core_pattern pipe helper into the crashing namespace
Date: Mon, 20 Sep 2010 21:12:14 +0200 [thread overview]
Message-ID: <20100920191214.GB7496@one.firstfloor.org> (raw)
In-Reply-To: <m1eico1cyv.fsf@fess.ebiederm.org>
> The pipe process needs to run in the namespaces of the process who set
> the core pattern, not in the namespaces of the dumping process.
> Otherwise it is possible to trigger a privileged process to run in a
> context where it's reality that it expected, causing it to misuse
> it's privileges. Even if we don't have a privilege problem I think
> we will have a case of mismatched functionality where the core pattern
> will not work as expected.
For me it seems rather the other way around: running the helper in some
highly priviledged namespace is more dangerous. If it runs in the
same context as the crasher it can do the least amount of damage
relative to the crash process.
And as Will pointed out it's the only sane way to deal with net namespaces.
-Andi
--
ak@linux.intel.com -- Speaking for myself only.
next prev parent reply other threads:[~2010-09-20 19:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-16 18:59 [PATCH][RFC] fs/exec.c: provide the correct process pid to the pipe helper Will Drewry
2010-09-16 19:35 ` Oleg Nesterov
2010-09-16 20:12 ` Eric W. Biederman
2010-09-16 21:02 ` Will Drewry
2010-09-17 19:08 ` Roland McGrath
2010-09-17 13:26 ` Andi Kleen
2010-09-17 14:52 ` Will Drewry
2010-09-17 15:16 ` [PATCH 1/2] nsproxy: add copy_namespaces_unattached Will Drewry
2010-09-17 15:16 ` [PATCH 2/2] exec: move core_pattern pipe helper into the crashing namespace Will Drewry
2010-09-17 18:15 ` Neil Horman
2010-09-18 2:33 ` Will Drewry
[not found] ` <1284736618-27153-2-git-send-email-wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
2010-09-18 1:29 ` Oleg Nesterov
[not found] ` <20100918012939.GA25046-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-09-18 2:34 ` Will Drewry
2010-09-18 3:14 ` Will Drewry
2010-09-20 18:50 ` Oleg Nesterov
2010-09-20 20:28 ` Will Drewry
2010-09-18 3:13 ` [PATCH][RFC] v2 " Will Drewry
2010-09-20 18:34 ` Eric W. Biederman
2010-09-20 19:12 ` Andi Kleen [this message]
2010-09-20 20:26 ` Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100920191214.GB7496@one.firstfloor.org \
--to=andi@firstfloor.org \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=eteo@redhat.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=oleg@redhat.com \
--cc=roland@redhat.com \
--cc=serue@us.ibm.com \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).