[Devel] Re: [PATCH 6/8] scm: Capture the full credentials of the scm sender.
Serge E. Hallyn
serge at hallyn.com
Tue Jun 15 21:47:19 PDT 2010
Quoting Eric W. Biederman (ebiederm at xmission.com):
> "Serge E. Hallyn" <serge at hallyn.com> writes:
> > I think this hunk needs to be documented. I.e. given that scm_send()
> > will call scm_set_cred() before calling __scm_send, I don't see how
> > these conditions could happen? If the condition can legitimately
> > happen, then given all of the pid_t vs struct pid and 'cred' vs. 'creds'
> > in these two hunks, I think a comment over each would be nice.
>
> I think if you have the full context of __scm_send it becomes pretty obvious.
>
> case SCM_CREDENTIALS:
> if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
> goto error;
> memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred));
> err = scm_check_creds(&p->creds);
> if (err)
> goto error;
>
> At this point we have just copied ucred from userspace. We have done
> scm_check_creds to ensure we allow the user to send the pid, uid, and
> gid they have passed in.
>
> These tests catch the case where the user is legitimately sending
> something other than their own credentials.
Of course. Sorry. And I even had the context in the window next to the
email... So finally,
Acked-by: Serge E. Hallyn <serge at hallyn.com>
to the set, and I'm looking forward to this being in. And it should solve
the nuisance of containers without private netns rebooting their hosts
when both use upstart.
thanks,
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list