[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Many questions about translators

From: Carl Fredrik Hammar
Subject: Re: Many questions about translators
Date: Fri, 16 Apr 2010 15:07:22 +0200
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Apr 16, 2010 at 01:59:16PM +0200, Samuel Thibault wrote:
> Carl Fredrik Hammar, le Fri 16 Apr 2010 11:52:04 +0200, a écrit :
> > >      2. If yes on question 1, would this be insecure? For example, if
> > >         the user overrides a library used by a setuid program? (Then
> > >         again, if the program is running as e.g. root by setuid, it
> > >         wouldn't [at least shouldn't] see the files as the user does)
> > 
> > Actually, I'm not entirely sure.
> I'd prefer somebody else checks it too, but I believe it works this way:
> diskfs_S_file_exec calles fshelp_exec_reauth, which returns secure==1
> when the ID changes, which makes file_exec add EXEC_SECURE. In exec's
> do_exec(), one can read
>     if (secure || (defaults
>                  && boot->portarray[INIT_PORT_CRDIR] == MACH_PORT_NULL))
>       use (INIT_PORT_CRDIR, std_ports[INIT_PORT_CRDIR], 1, 0);
> which resets the root port to the hurd (or sub-hurd) root.

Ah, this rings a bell.  I'm a bit surprised that it gets the root directory
from exec and not the translator though.

> > >      4. Is it possible for a translator to provide different views of
> > >         the node for different users? For example, could each user have
> > >         their own list of packages they want installed and the HPM
> > >         translator would use ref-counting to install packages with
> > >         ref-count > 0, and/or perhaps even make different packages
> > >         appear installed for different users?
> > 
> > This is actually possible, as the translator knows the user of the
> > client so it can grant or withhold access.  But I suspect that using
> > it to provide different services to different users would violate many
> > assumptions made by clients.
> Could you try to find examples?  Usually, applications are not meant to
> be run under several different identities.

Not simultaneously, but applications can change their identity midway
with setuid().  I wouldn't really know where to look for examples, sorry.
Perhaps I'm overreacting though, as having chroots for each user could
just as well cause confusion.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]