Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()

From: stsp
Date: Tue May 21 2024 - 16:43:41 EST

Next message: andrey . konovalov: "[PATCH v2] kcov, usb: disable interrupts in kcov_remote_start_usb_softirq"
Previous message: Bjorn Helgaas: "Re: [PATCH v16 19/22] dt-bindings: PCI: Add StarFive JH7110 PCIe controller"
In reply to: Jann Horn: "Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

21.05.2024 22:01, Jann Horn пишет:

On Sat, Apr 27, 2024 at 1:24 PM Stas Sergeev <stsp2@xxxxxxxxx> wrote:

This patch-set implements the OA2_CRED_INHERIT flag for openat2() syscall.
It is needed to perform an open operation with the creds that were in
effect when the dir_fd was opened, if the dir was opened with O_CRED_ALLOW
flag. This allows the process to pre-open some dirs and switch eUID
(and other UIDs/GIDs) to the less-privileged user, while still retaining
the possibility to open/create files within the pre-opened directory set.

As Andy Lutomirski mentioned before, Linux already has Landlock
(https://docs.kernel.org/userspace-api/landlock.html) for unprivileged
filesystem sandboxing. What benefits does OA2_CRED_INHERIT have
compared to Landlock?

The idea is different.
OA2_CRED_INHERIT was supposed to give you an additional access (to what you can't access otherwise, after a priv drop), while landlock allows you to explicitly restrict an access. OA2_CRED_INHERIT more answered with idmapped mounts rather than the landlock, but idmapped mounts are not fully unpriv'd.

Next message: andrey . konovalov: "[PATCH v2] kcov, usb: disable interrupts in kcov_remote_start_usb_softirq"
Previous message: Bjorn Helgaas: "Re: [PATCH v16 19/22] dt-bindings: PCI: Add StarFive JH7110 PCIe controller"
In reply to: Jann Horn: "Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]