Re: [PATCH -mm 5/7] add user namespace

From: Eric W. Biederman
Date: Thu Jul 13 2006 - 23:45:43 EST


Dave Hansen <haveblue@xxxxxxxxxx> writes:

> On Thu, 2006-07-13 at 13:02 -0600, Eric W. Biederman wrote:
>> All comparisons of a user equality need to be of the tuple (user namespace,
>> user id).
>> Any comparison that does not do that is an optimization.
> ...
>> So my impression was that Cedric's patchset was overoptimized because
>> it did not change most of the uid comparisons, to (user namespace, user id).
>
> I might just be tempted to call them bugs so people understand what I'm
> talking about ;)
>
>> Because you can have access to files created in another user namespace it
>> is very unlikely that optimization will apply very frequently. The easy
>> scenario to get access to a file descriptor from another context is to
>> consider unix domain sockets.
>
> OK, so you're saying that the lack of checks will cause problems rarely,
> and that passing a fd across a unix domain socket is one of the times
> when you _could_ encounter this problem?

I think for filesystems like /proc and /sys that there will normally
be problems. However many of those problems can be rationalized away
as a reasonable optimization, or are not immediately apparent.

Passing a file descriptor between processes in a unix domain socket is
a case where I can easily construct scenarios where there are
indisputable problems. It is one of my standard thought experiments
to see if a namespace is sound.

Eric
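
The thought experiment discussed in this message, as an added user-space model that is not code from the message or from the patchset under review: a file created in one user namespace reaches a process in another through descriptor passing, and a uid-only comparison is set beside the (user namespace, user id) tuple comparison. All type and function names here are hypothetical and the identities are constructed sample values.

```c
/* Added illustration: a user-space model, not kernel code.
 * Every name below is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct user_ns { const char *name; };      /* one instance per user namespace */
struct cred    { const struct user_ns *ns; unsigned uid; };
struct file    { struct cred owner; };     /* identity recorded at creation */

/* uid-only comparison: valid only when both sides share a namespace. */
static bool owner_eq_uid_only(const struct cred *c, const struct file *f)
{
    return c->uid == f->owner.uid;
}

/* Comparison of the full (user namespace, user id) tuple. */
static bool owner_eq_tuple(const struct cred *c, const struct file *f)
{
    return c->ns == f->owner.ns && c->uid == f->owner.uid;
}

/* Models receiving a descriptor over a unix domain socket: the receiver
 * gets a reference to the same file object, and its owner is unchanged. */
static const struct file *pass_fd(const struct file *f) { return f; }

/* Bitmask result: bit 0 = uid-only check matched, bit 1 = tuple check matched. */
static int check_received(const struct cred *receiver, const struct file *sent)
{
    const struct file *f = pass_fd(sent);
    return (owner_eq_uid_only(receiver, f) ? 1 : 0) |
           (owner_eq_tuple(receiver, f) ? 2 : 0);
}

int main(void)
{
    static const struct user_ns ns_a = { "A" }, ns_b = { "B" };
    struct cred creator  = { &ns_a, 1000 };  /* constructed sample identities */
    struct cred outsider = { &ns_b, 1000 };  /* same number, other namespace */
    struct file f = { { &ns_a, 1000 } };     /* created by uid 1000 in ns A */

    printf("receiver in %s: %d\n", ns_a.name, check_received(&creator, &f));
    printf("receiver in %s: %d\n", ns_b.name, check_received(&outsider, &f));
    return 0;
}
```

A result with bit 0 set and bit 1 clear is the cross-namespace case where the two comparisons disagree about ownership.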