[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Many questions about translators
|
From: |
Carl Fredrik Hammar |
|
Subject: |
Re: Many questions about translators |
|
Date: |
Fri, 16 Apr 2010 15:07:22 +0200 |
|
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Fri, Apr 16, 2010 at 01:59:16PM +0200, Samuel Thibault wrote:
> Carl Fredrik Hammar, le Fri 16 Apr 2010 11:52:04 +0200, a écrit :
> > > 2. If yes on question 1, would this be insecure? For example, if
> > > the user overrides a library used by a setuid program? (Then
> > > again, if the program is running as e.g. root by setuid, it
> > > wouldn't [at least shouldn't] see the files as the user does)
> >
> > Actually, I'm not entirely sure.
>
> I'd prefer somebody else checks it too, but I believe it works this way:
>
> diskfs_S_file_exec calles fshelp_exec_reauth, which returns secure==1
> when the ID changes, which makes file_exec add EXEC_SECURE. In exec's
> do_exec(), one can read
>
> if (secure || (defaults
> && boot->portarray[INIT_PORT_CRDIR] == MACH_PORT_NULL))
> use (INIT_PORT_CRDIR, std_ports[INIT_PORT_CRDIR], 1, 0);
>
> which resets the root port to the hurd (or sub-hurd) root.
Ah, this rings a bell. I'm a bit surprised that it gets the root directory
from exec and not the translator though.
> > > 4. Is it possible for a translator to provide different views of
> > > the node for different users? For example, could each user have
> > > their own list of packages they want installed and the HPM
> > > translator would use ref-counting to install packages with
> > > ref-count > 0, and/or perhaps even make different packages
> > > appear installed for different users?
> >
> > This is actually possible, as the translator knows the user of the
> > client so it can grant or withhold access. But I suspect that using
> > it to provide different services to different users would violate many
> > assumptions made by clients.
>
> Could you try to find examples? Usually, applications are not meant to
> be run under several different identities.
Not simultaneously, but applications can change their identity midway
with setuid(). I wouldn't really know where to look for examples, sorry.
Perhaps I'm overreacting though, as having chroots for each user could
just as well cause confusion.
Regards,
Fredrik
- Many questions about translators, Patrik Olsson, 2010/04/15
- Re: Many questions about translators, Carl Fredrik Hammar, 2010/04/16
- Re: Many questions about translators, Samuel Thibault, 2010/04/16
- Re: Many questions about translators,
Carl Fredrik Hammar <=
- Re: Many questions about translators, Samuel Thibault, 2010/04/16
- Re: Many questions about translators, olafBuddenhagen, 2010/04/18
- Re: Many questions about translators, Carl Fredrik Hammar, 2010/04/19
- Re: Many questions about translators, olafBuddenhagen, 2010/04/20
- Re: Many questions about translators, Carl Fredrik Hammar, 2010/04/21
- Re: Many questions about translators, olafBuddenhagen, 2010/04/25
Re: Many questions about translators, Patrik Olsson, 2010/04/17
Re: Many questions about translators, olafBuddenhagen, 2010/04/18