From: ebiederm@xmission.com (Eric W. Biederman)
To: Andy Lutomirski <luto@amacapital.net>
Cc: Linux Containers <containers@lists.linux-foundation.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted
Date: Sat, 31 Aug 2013 21:45:11 -0700 [thread overview]
Message-ID: <87eh99noa0.fsf@xmission.com> (raw)
In-Reply-To: <87a9k2g5la.fsf@xmission.com> (Eric W. Biederman's message of "Tue, 27 Aug 2013 14:57:05 -0700")
ebiederm@xmission.com (Eric W. Biederman) writes:
> Andy Lutomirski <luto@amacapital.net> writes:
>
>> On Tue, Aug 27, 2013 at 2:44 PM, Eric W. Biederman
>> <ebiederm@xmission.com> wrote:
>>>
>>> Rely on the fact that another flavor of the filesystem is already
>>> mounted and do not rely on state in the user namespace.
>>
>> Possibly dumb question: does this check whether the pre-existing mount
>> has hidepid set?
>
> Not currently.
>
> It may be worth doing something with respect to hidepid. I forget what
> hidepid tries to do, and I need to dash. But feel free to cook up a
> follow on patch.
So I have thought about this a bit more.
hidepid hides the processes that ptrace_may_access will fail on.
You can only reach the point where an unprivileged mount of a pid
namespace is possible if you have created both a user namespace and a
pid namespace. Which means the creator of the pid namespace will be
capable of ptracing all of the other processes in the pid namespace
(ignoring setns).
So I don't see a point of worry about hidepid or the hidepid gid on
child pid namespaces. The cases it is attempting to protecting against
really don't exist.
Eric
next prev parent reply other threads:[~2013-09-01 4:45 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-27 21:44 [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted Eric W. Biederman
2013-08-27 21:46 ` [REVIEW][PATCH 2/2] sysfs: Restrict mounting sysfs Eric W. Biederman
2013-08-28 19:00 ` Greg Kroah-Hartman
2013-09-23 10:33 ` James Hogan
2013-09-23 21:41 ` [PATCH] sysfs: Allow mounting without CONFIG_NET Eric W. Biederman
2013-09-24 11:25 ` James Hogan
2013-08-27 21:47 ` [REVIEW][PATCH 1/2] userns: Better restrictions on when proc and sysfs can be mounted Andy Lutomirski
2013-08-27 21:57 ` Eric W. Biederman
2013-09-01 4:45 ` Eric W. Biederman [this message]
2013-09-03 17:40 ` Andy Lutomirski
2013-11-02 6:06 ` Gao feng
2013-11-04 7:00 ` Janne Karhunen
2013-11-09 5:22 ` Eric W. Biederman
2013-11-08 2:33 ` Gao feng
2013-11-09 5:42 ` Eric W. Biederman
2013-11-13 7:26 ` Gao feng
2013-11-14 11:10 ` Gao feng
2013-11-14 16:54 ` Andy Lutomirski
2013-11-15 1:16 ` Gao feng
2013-11-15 4:54 ` Eric W. Biederman
2013-11-15 6:14 ` Gao feng
2013-11-15 8:37 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87eh99noa0.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox