From: Ian Kent <raven-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
To: "J. Bruce Fields" <bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
Cc: linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Stanislav Kinsbursky <skinsbursky-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>, Linux Containers <containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>, Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org, "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>, bharrosh-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: call_usermodehelper in containers
Date: Wed, 24 Feb 2016 08:55:16 +0800
Message-ID: <1456275316.2933.14.camel@themaw.net>
In-Reply-To: <20160223143627.GB31951-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>

On Tue, 2016-02-23 at 09:36 -0500, J. Bruce Fields wrote:
> On Tue, Feb 23, 2016 at 10:55:30AM +0800, Ian Kent wrote:
> > You know, wrt. the mechanism Oleg suggested, I've been wondering if it's
> > even necessary to capture process template information for execution.
> >
> > Isn't the main issue the execution of unknown arbitrary objects getting
> > access to a privileged context?
> >
> > Then perhaps it is sufficient to require registration of an SHA hash (of
> > some sort) for these objects by a suitably privileged process and only
> > allow helper execution of valid objects.
>
> That executable probably also depends on libraries, services, and tons
> of other miscellaneous stuff in its environment. The NFSv4 client
> idmapper, for example, may be doing ldap calls. Unless the helper is
> created with incredible care, I don't think that it's enough just to
> verify that you're executing the correct helper.

Yeah, I was thinking the logistics of keeping something like this up to
date would be hard, but calculating this for every call would be too much
overhead, I think.

>
> --b.
>
> >
> > If that is sufficient then helper execution from within a container or
> > user namespace could just use the caller's environment itself.
> >
> > What else do we need to be wary of, any thoughts Eric?
> >
> > Ian