Thread (9 messages) 9 messages, 4 authors, 2016-02-24

Re: call_usermodehelper in containers

From: Ian Kent <raven@themaw.net>
Date: 2016-02-24 00:55:16
Also in: linux-fsdevel, lkml

On Tue, 2016-02-23 at 09:36 -0500, J. Bruce Fields wrote:
On Tue, Feb 23, 2016 at 10:55:30AM +0800, Ian Kent wrote:
quoted
You know, wrt. the mechanism Oleg suggested, I've been wondering if
it's
even necessary to capture process template information for
execution.

Isn't the main issue the execution of unknown arbitrary objects
getting
access to a privileged context?

Then perhaps it is sufficient to require registration of an SHA hash
(of
some sort) for these objects by a suitably privileged process and
only
allow helper execution of valid objects.
That executable probably also depends on libraries, services, and tons
of other miscellaneous stuff in its environment.  The NFSv4 client
idmapper, for example, may be doing ldap calls.  Unless the helper is
created with incredible care, I don't think that it's enough just to
verify that you're executing the correct helper.
Yeah, I was thinking the logistics of keeping something like this up to
date would be hard but calculating this for every call would be too much
overhead I think.
--b.
quoted
If that is sufficient then helper execution from within a container
or
user namespace could just use the callers environment itself.

What else do we need to be wary of, any thoughts Eric?

Ian
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help