public inbox for linux-kernel@vger.kernel.org
From: David Herrmann <dh.herrmann@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Daniel Mack <daniel@zonque.org>,
	Djalal Harouni <tixxdz@opendz.org>,
	David Herrmann <dh.herrmann@gmail.com>
Subject: [PATCH 5/9] kdbus: perform accounting on proxied uids
Date: Thu,  6 Aug 2015 10:21:24 +0200
Message-ID: <1438849288-18112-6-git-send-email-dh.herrmann@gmail.com>
In-Reply-To: <1438849288-18112-1-git-send-email-dh.herrmann@gmail.com>

If a connection proxies a uid, we should make sure to perform accounting
on that passed uid. Otherwise, limits will be shared across all proxied
users (or we'd require the proxy to run setuid() and thus require
CAP_SETUID).
However, this is only allowed if the proxy is privileged on the bus. That
is, it must have CAP_IPC_ADMIN on the domain and the passed uid must be
mapped in that domain.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
---
 ipc/kdbus/connection.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c
index 243cbc7..c81888e 100644
--- a/ipc/kdbus/connection.c
+++ b/ipc/kdbus/connection.c
@@ -237,11 +237,21 @@ static struct kdbus_conn *kdbus_conn_new(struct kdbus_ep *ep,
 	 * Note that limits are always accounted against the real UID, not
 	 * the effective UID (cred->user always points to the accounting of
 	 * cred->uid, not cred->euid).
+	 * In case the caller is privileged, we allow changing the accounting
+	 * to the faked user.
 	 */
 	if (ep->user) {
 		conn->user = kdbus_user_ref(ep->user);
 	} else {
-		conn->user = kdbus_user_lookup(ep->bus->domain, current_uid());
+		kuid_t uid;
+
+		if (conn->meta_fake && uid_valid(conn->meta_fake->uid) &&
+		    conn->privileged)
+			uid = conn->meta_fake->uid;
+		else
+			uid = conn->cred->uid;
+
+		conn->user = kdbus_user_lookup(ep->bus->domain, uid);
 		if (IS_ERR(conn->user)) {
 			ret = PTR_ERR(conn->user);
 			conn->user = NULL;
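Review bot: In the else branch, the non-proxied fallback changes from current_uid() to conn->cred->uid, which the commit message does not mention; please note in the changelog or the comment that conn->cred is already set at this point and carries the same real UID, since nothing in this hunk shows where it is initialized. The commit message also requires the passed uid to be mapped in the domain, while the visible condition only tests uid_valid(conn->meta_fake->uid) together with conn->privileged; if the mapping is enforced where meta_fake is built, the added comment should say so, because "In case the caller is privileged" reads as if privilege alone were sufficient. Separately, the ep->user branch still ignores meta_fake, so a privileged proxy on an endpoint with ep->user set keeps being accounted against the endpoint user; a sentence confirming that this is intended would help.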
-- 
2.5.0

