From: "Serge E. Hallyn" <serge@hallyn•com>
To: "Eric W. Biederman" <ebiederm@xmission•com>
Cc: David Miller <davem@davemloft•net>,
Linux Containers <containers@lists•osdl.org>,
Serge Hallyn <serue@us•ibm.com>,
Pavel Emelyanov <xemul@parallels•com>,
netdev@vger•kernel.org
Subject: Re: [PATCH 6/8] scm: Capture the full credentials of the scm sender.
Date: Tue, 15 Jun 2010 16:45:41 -0500 [thread overview]
Message-ID: <20100615214541.GA22570@hallyn.com> (raw)
In-Reply-To: <m1d3vvgirx.fsf@fess.ebiederm.org>
Quoting Eric W. Biederman (ebiederm@xmission•com):
>
> Start capturing not only the userspace pid, uid and gid values of the
> sending process but also the struct pid and struct cred of the sending
> process as well.
>
> This is in preparation for properly supporting SCM_CREDENTIALS for
> sockets that have different uid and/or pid namespaces at the different
> ends.
>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission•com>
> ---
> include/net/scm.h | 28 ++++++++++++++++++++++++----
> net/core/scm.c | 24 ++++++++++++++++++++++++
> 2 files changed, 48 insertions(+), 4 deletions(-)
>
> diff --git a/include/net/scm.h b/include/net/scm.h
> index 17d9d2e..3165650 100644
> --- a/include/net/scm.h
> +++ b/include/net/scm.h
> @@ -19,6 +19,8 @@ struct scm_fp_list {
> };
>
> struct scm_cookie {
> + struct pid *pid; /* Skb credentials */
> + const struct cred *cred;
> struct scm_fp_list *fp; /* Passed files */
> struct ucred creds; /* Skb credentials */
> #ifdef CONFIG_SECURITY_NETWORK
> @@ -42,8 +44,27 @@ static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_co
> { }
> #endif /* CONFIG_SECURITY_NETWORK */
>
> +static __inline__ void scm_set_cred(struct scm_cookie *scm,
> + struct pid *pid, const struct cred *cred)
> +{
> + scm->pid = get_pid(pid);
> + scm->cred = get_cred(cred);
> + cred_to_ucred(pid, cred, &scm->creds);
> +}
> +
> +static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
> +{
> + put_pid(scm->pid);
> + scm->pid = NULL;
> +
> + if (scm->cred)
> + put_cred(scm->cred);
> + scm->cred = NULL;
> +}
> +
> static __inline__ void scm_destroy(struct scm_cookie *scm)
> {
> + scm_destroy_cred(scm);
> if (scm && scm->fp)
> __scm_destroy(scm);
> }
> @@ -51,10 +72,7 @@ static __inline__ void scm_destroy(struct scm_cookie *scm)
> static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
> struct scm_cookie *scm)
> {
> - struct task_struct *p = current;
> - scm->creds.uid = current_uid();
> - scm->creds.gid = current_gid();
> - scm->creds.pid = task_tgid_vnr(p);
> + scm_set_cred(scm, task_tgid(current), current_cred());
> scm->fp = NULL;
> unix_get_peersec_dgram(sock, scm);
> if (msg->msg_controllen <= 0)
> @@ -96,6 +114,8 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
> if (test_bit(SOCK_PASSCRED, &sock->flags))
> put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
>
> + scm_destroy_cred(scm);
> +
> scm_passec(sock, msg, scm);
>
> if (!scm->fp)
> diff --git a/net/core/scm.c b/net/core/scm.c
> index b88f6f9..681c976 100644
> --- a/net/core/scm.c
> +++ b/net/core/scm.c
> @@ -170,6 +170,30 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
> err = scm_check_creds(&p->creds);
> if (err)
> goto error;
> +
I think this hunk needs to be documented. I.e. given that scm_send()
will call scm_set_cred() before calling __scm_send, I don't see how
these conditions could happen? If the condition can legitimately
happen, then given all of the pid_t vs struct pid and 'cred' vs. 'creds'
in these two hunks, I think a comment over each would be nice.
> + if (pid_vnr(p->pid) != p->creds.pid) {
> + struct pid *pid;
> + err = -ESRCH;
> + pid = find_get_pid(p->creds.pid);
> + if (!pid)
> + goto error;
> + put_pid(p->pid);
> + p->pid = pid;
> + }
> +
> + if ((p->cred->euid != p->creds.uid) ||
> + (p->cred->egid != p->creds.gid)) {
> + struct cred *cred;
> + err = -ENOMEM;
> + cred = prepare_creds();
> + if (!cred)
> + goto error;
> +
> + cred->uid = cred->euid = p->creds.uid;
> + cred->gid = cred->egid = p->creds.uid;
> + put_cred(p->cred);
> + p->cred = cred;
> + }
> break;
> default:
> goto error;
> --
> 1.6.5.2.143.g8cc62
>
> _______________________________________________
> Containers mailing list
> Containers@lists•linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/containers
next prev parent reply other threads:[~2010-06-15 21:45 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-13 13:25 [PATCH 0/8] Support unix domain sockets across namespaces Eric W. Biederman
2010-06-13 13:27 ` [PATCH 1/8] scm: Reorder scm_cookie Eric W. Biederman
2010-06-13 13:28 ` [PATCH 2/8] user_ns: Introduce user_nsmap_uid and user_ns_map_gid Eric W. Biederman
[not found] ` <m17hm3hxjw.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-15 8:02 ` Pavel Emelyanov
2010-06-15 22:37 ` Eric W. Biederman
2010-06-15 20:58 ` Serge E. Hallyn
2010-06-15 8:00 ` [PATCH 1/8] scm: Reorder scm_cookie Pavel Emelyanov
2010-06-13 13:28 ` [PATCH 3/8] sock: Introduce cred_to_ucred Eric W. Biederman
2010-06-15 8:03 ` Pavel Emelyanov
2010-06-13 13:30 ` [PATCH 4/8] af_unix: Allow SO_PEERCRED to work across namespaces Eric W. Biederman
2010-06-14 13:37 ` Daniel Lezcano
2010-06-15 8:04 ` Pavel Emelyanov
2010-06-13 13:31 ` [PATCH 5/8] af_netlink: Add needed scm_destroy after scm_send Eric W. Biederman
2010-06-14 13:37 ` Daniel Lezcano
2010-06-15 8:06 ` Pavel Emelyanov
2010-06-13 13:32 ` [PATCH 6/8] scm: Capture the full credentials of the scm sender Eric W. Biederman
2010-06-15 8:08 ` Pavel Emelyanov
2010-06-15 9:53 ` Eric W. Biederman
2010-06-15 21:45 ` Serge E. Hallyn [this message]
2010-06-15 22:08 ` Eric W. Biederman
2010-06-16 4:47 ` Serge E. Hallyn
2010-06-13 13:34 ` [PATCH 7/8] af_unix: Allow credentials to work across user and pid namespaces Eric W. Biederman
[not found] ` <m17hm3giom.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-15 8:11 ` Pavel Emelyanov
2010-06-13 13:35 ` [PATCH 8/8] af_unix: Allow connecting to sockets in other network namespaces Eric W. Biederman
2010-06-14 13:37 ` Daniel Lezcano
[not found] ` <m11vcbgimj.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-15 8:12 ` Pavel Emelyanov
2010-06-16 22:15 ` [PATCH 0/8] Support unix domain sockets across namespaces David Miller
2010-06-16 23:17 ` David Miller
2010-06-16 23:32 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100615214541.GA22570@hallyn.com \
--to=serge@hallyn$(echo .)com \
--cc=containers@lists$(echo .)osdl.org \
--cc=davem@davemloft$(echo .)net \
--cc=ebiederm@xmission$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=serue@us$(echo .)ibm.com \
--cc=xemul@parallels$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox