Re: Many questions about translators
From: Samuel Thibault
Subject: Re: Many questions about translators
Date: Fri, 16 Apr 2010 15:14:54 +0200
User-agent: Mutt/1.5.12-2006-07-14
Carl Fredrik Hammar, on Fri 16 Apr 2010 15:07:22 +0200, wrote:
> On Fri, Apr 16, 2010 at 01:59:16PM +0200, Samuel Thibault wrote:
> > Carl Fredrik Hammar, on Fri 16 Apr 2010 11:52:04 +0200, wrote:
> > > > 2. If yes on question 1, would this be insecure? For example, if
> > > > the user overrides a library used by a setuid program? (Then
> > > > again, if the program is running as e.g. root by setuid, it
> > > > wouldn't [at least shouldn't] see the files as the user does)
> > >
> > > Actually, I'm not entirely sure.
> >
> > I'd prefer somebody else checks it too, but I believe it works this way:
> >
> > diskfs_S_file_exec calls fshelp_exec_reauth, which returns secure==1
> > when the ID changes, which makes file_exec add EXEC_SECURE. In exec's
> > do_exec(), one can read
> >
> >   if (secure || (defaults
> >                  && boot->portarray[INIT_PORT_CRDIR] == MACH_PORT_NULL))
> >     use (INIT_PORT_CRDIR, std_ports[INIT_PORT_CRDIR], 1, 0);
> >
> > which resets the root port to the hurd (or sub-hurd) root.
>
> Ah, this rings a bell. I'm a bit surprised that it gets the root directory
> from exec and not the translator though.
That could have been useful in some cases maybe, yes.
BTW, this is why running a setuid program in a chroot escapes the
chroot.
> > > > 4. Is it possible for a translator to provide different views of
> > > > the node for different users? For example, could each user have
> > > > their own list of packages they want installed and the HPM
> > > > translator would use ref-counting to install packages with
> > > > ref-count > 0, and/or perhaps even make different packages
> > > > appear installed for different users?
> > >
> > > This is actually possible, as the translator knows the user of the
> > > client so it can grant or withhold access. But I suspect that using
> > > it to provide different services to different users would violate many
> > > assumptions made by clients.
> >
> > Could you try to find examples? Usually, applications are not meant to
> > be run under several different identities.
>
> Not simultaneously, but applications can change their identity midway
> with setuid().
That's what I had in mind yes, but I'm still wondering :)
Samuel
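
The root-port reset discussed in this message, as a small C model added here (it is not Hurd source and not part of the original post). Ports are reduced to path labels and `use()` to an assignment; `model_exec_reauth`, `model_fix_root`, `root_after_exec` and the `/srv/jail` path are made-up names, and `defaults` is assumed to be true.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model: a "port" is only a label naming the directory it refers to. */
typedef const char *port_t;
#define PORT_NULL ((port_t) NULL)
enum { INIT_PORT_CWDIR, INIT_PORT_CRDIR, INIT_PORT_MAX };

struct ids  { unsigned uid; };
struct file { unsigned owner; bool setuid; };

/* Stand-in for the reauthentication step: reports secure when the ID changes. */
static bool model_exec_reauth(const struct file *f, struct ids *ids)
{
    if (f->setuid && ids->uid != f->owner) {
        ids->uid = f->owner;
        return true;
    }
    return false;
}

/* Stand-in for the quoted do_exec() test; use() is reduced to an assignment. */
static void model_fix_root(bool secure, bool defaults,
                           port_t portarray[], const port_t std_ports[])
{
    if (secure || (defaults && portarray[INIT_PORT_CRDIR] == PORT_NULL))
        portarray[INIT_PORT_CRDIR] = std_ports[INIT_PORT_CRDIR];
}

/* Root directory the new program ends up with, given the caller's root. */
static port_t root_after_exec(port_t caller_root, unsigned caller_uid,
                              const struct file *f)
{
    /* The exec server's own standard ports: the hurd (or sub-hurd) root. */
    static const port_t std_ports[INIT_PORT_MAX] = { "/", "/" };
    port_t portarray[INIT_PORT_MAX] = { caller_root, caller_root };
    struct ids ids = { caller_uid };
    bool secure = model_exec_reauth(f, &ids);
    model_fix_root(secure, true, portarray, std_ports);
    return portarray[INIT_PORT_CRDIR];
}

int main(void)
{
    const struct file plain = { 0, false }, suid = { 0, true };
    printf("plain: %s\n", root_after_exec("/srv/jail", 1000, &plain));
    printf("suid:  %s\n", root_after_exec("/srv/jail", 1000, &suid));
    return 0;
}
```

In the model, only the exec that changes the ID loses the caller's root; a non-setuid file, or a setuid file whose owner already matches the caller, keeps it.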