From: ebiederm@xmission.com (Eric W. Biederman)
To: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: viro@zeniv.linux.org.uk, serge.hallyn@canonical.com,
jlayton@redhat.com, lucas.demarchi@profusion.mobi,
rusty@rustcorp.com.au, linux-kernel@vger.kernel.org,
oleg@redhat.com, bfields@fieldses.org, bharrosh@panasas.com,
linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org,
devel@openvz.org
Subject: Re: [RFC PATCH] fs: call_usermodehelper_root helper introduced
Date: Wed, 22 May 2013 10:33:52 -0700
Message-ID: <878v36ex6n.fsf@xmission.com>
In-Reply-To: <20130522072840.27720.85023.stgit@localhost.localdomain> (Stanislav Kinsbursky's message of "Wed, 22 May 2013 11:29:18 +0400")
Stanislav Kinsbursky <skinsbursky@parallels.com> writes:
> Usermode helper executes all binaries in global "init" root context. This
> doesn't allow calling a binary from another root context (for example in a
> container).
>
> Currently, both containerized NFS client and NFS server require an ability to
> execute a binary in a container's root context. Root swap can be done in
> "init" callback, passed by UMH caller.
> But since we have 2 callers already (and more of them are expected to appear
> in future) and because set_fs_root() is not exported, it looks reasonable to
> add one more generic UMH helper to generic fs code.
>
> Root path reference must be held by the caller, since it will be put on UMH
> thread exit.
Awesome. With this patch as an unprivileged user I get to pick which
binary the kernel will execute. At least if nfs and nfsd ever run in a
user namespace (something that looks like only a matter of time).

I think this is a seriously bad idea.

Why can't we do this in userspace with setns as we do with the core dump
helper?

I am missing a lot of context here, and capturing the context of a
process at the time we mount the filesystem and reconstituting it in
call user mode helper seems like something we could do.

This patch as it stands looks like it would compete for the honor of the
easiest kernel feature to exploit.
Eric
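The userspace alternative Eric points to, as an added example that is not from this thread or from any kernel tree: the kernel keeps executing a fixed, trusted helper from the init root, and that helper (assumed to receive a target pid as its first argument, and to run with CAP_SYS_ADMIN) joins the mount namespace of that process with setns(2) and then execs the real binary, so the choice of which binary runs never comes from the container.

```c
// Minimal init-root helper that re-executes a binary inside the mount
// namespace of a target process (the pattern used by nsenter(1)).
// Usage: umh-enter <pid> <binary> [args...]
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

// Parse a decimal pid; returns -1 for anything that is not a positive integer.
long parse_pid(const char *s) {
    char *end;
    long v = strtol(s, &end, 10);
    if (*s == '\0' || *end != '\0' || v <= 0) return -1;
    return v;
}

// Build "/proc/<pid>/ns/<kind>" into buf; returns -1 if it does not fit.
int ns_path(char *buf, size_t len, long pid, const char *kind) {
    int n = snprintf(buf, len, "/proc/%ld/ns/%s", pid, kind);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

// Join the target's mount namespace. setns(CLONE_NEWNS) also switches the
// caller's root and cwd to that namespace's root, which is the "root swap"
// the patch wanted to do in-kernel. Requires CAP_SYS_ADMIN in the owning
// user namespace; returns 0 on success, -1 with errno set otherwise.
int enter_mnt_ns(long pid) {
    char path[64];
    if (ns_path(path, sizeof path, pid, "mnt") < 0) return -1;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    int rc = setns(fd, CLONE_NEWNS);
    close(fd);
    return rc;
}

int main(int argc, char **argv) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s <pid> <binary> [args...]\n", argv[0]);
        return 2;
    }
    long pid = parse_pid(argv[1]);
    if (pid < 0) { fprintf(stderr, "bad pid: %s\n", argv[1]); return 2; }
    if (enter_mnt_ns(pid) < 0) { perror("setns"); return 1; }
    execv(argv[2], argv + 2);   // binary path is resolved in the new root
    perror("execv");
    return 1;
}
```

The policy decision (which process's namespace to enter) is taken by the helper in userspace, which is where the core dump helper makes the same choice.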