patacongo commented on code in PR #8924: URL: https://github.com/apache/nuttx/pull/8924#discussion_r1152177168
########## binfmt/binfmt_execmodule.c: ########## 
@@ -266,6 +266,10 @@ int exec_module(FAR struct binary_s *binp, pid = tcb->cmn.pid; +#ifdef CONFIG_SCHED_USER_IDENTITY + tcb->cmn.group->tg_uid = binp->proguid;

Review Comment:

> I think that is dependent on the fork and setuid policy from the app. But we can set a default UID when the task is being created.

NuttX currently sets the user and group IDs of "normally" created tasks to the IDs of the parent: https://github.com/apache/nuttx/blob/master/sched/group/group_create.c#L91

I think an inconsistent policy for executable modules would be a bad idea.

When running executable files on a file system, the POSIX behavior differs depending on the state of ST_NOSUID mount flags on the volume. Are you trying to emulate setting the UID from the UID in the executable file permissions? If ST_NOSUID is set on the mounted file system AND the set-user-ID bit is set in the file permissions, then the user and group IDs of the file are used. Otherwise, the user and group IDs are inherited from the parent. That is my understanding of the POSIX requirement.

I certainly think we as a project need to agree on this policy before we commit to it. This has long term implications for behavior and compatibility with POSIX and other *nix systems.

The POSIX requirement is given in https://pubs.opengroup.org/onlinepubs/007904875/functions/exec.html (among other places at OpenGroup.org):

> If the ST_NOSUID bit is set for the file system containing the new process image file, then the effective user ID, effective group ID, saved set-user-ID, and saved set-group-ID are unchanged in the new process image.

If the file system was mounted with the ST_NOSUID f_flag, then the file inherits the user and group IDs from the parent: That is, the fork duplicates those IDs and loading the file system image does not change them.

> Otherwise, if the set-user-ID mode bit of the new process image file is set, the effective user ID of the new process image shall be set to the user ID of the new process image file.

If the file system does not include ST_NOSUID in f_flags, then the behavior is determined by the set-user-ID bits in the file permissions: If the set-user-ID bit is set, then the user and group ID is set to the user and group ID of the file.

_[I am not aware of any file system supported by NuttX that supports the set-user-ID or set-group-ID permission bits. Linux does not support these permission bits either, probably because it is a gaping security hole.]_

The group ID works basically the same:

> Similarly, if the set-group-ID mode bit of the new process image file is set, the effective group ID of the new process image shall be set to the group ID of the new process image file. The real user ID, real group ID, and supplementary group IDs of the new process image shall remain the same as those of the calling process image. The effective user ID and effective group ID of the new process image shall be saved (as the saved set-user-ID and the saved set-group-ID) for use by setuid().
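
Review bot: In binfmt/binfmt_execmodule.c, the added `tcb->cmn.group->tg_uid = binp->proguid;` is unconditional inside the `#ifdef CONFIG_SCHED_USER_IDENTITY` block as far as the visible lines show, so the group's UID is replaced by the value carried in `binp` regardless of the file's set-user-ID bit or the mount's ST_NOSUID flag. Consider guarding the assignment with that check, or adding a comment next to it stating where `proguid` comes from and why it may override the ID the task would otherwise inherit.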
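
The ID selection described in the POSIX text quoted above, written out as an added example; it is not code from the pull request or from NuttX. `struct exec_creds` and `exec_apply_ids()` are hypothetical names, and the IDs used in `main()` are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical credential set; not a NuttX structure. */
struct exec_creds {
  uid_t ruid, euid, suid;   /* real, effective, saved set-user-ID */
  gid_t rgid, egid, sgid;   /* real, effective, saved set-group-ID */
};

/* Apply the exec() rules from the quoted POSIX text.
 *   caller  IDs of the calling process image
 *   mode    st_mode of the new process image file
 *   fuid    st_uid of that file
 *   fgid    st_gid of that file
 *   nosuid  true when ST_NOSUID is set in f_flag of the containing volume
 */
struct exec_creds exec_apply_ids(struct exec_creds caller, mode_t mode,
                                 uid_t fuid, gid_t fgid, bool nosuid)
{
  struct exec_creds next = caller;  /* real IDs always stay the caller's */

  if (nosuid) {
    /* Effective and saved IDs are unchanged; the mode bits are ignored. */
    return next;
  }
  if ((mode & S_ISUID) != 0) {
    next.euid = fuid;               /* set-user-ID bit: take the file owner */
  }
  if ((mode & S_ISGID) != 0) {
    next.egid = fgid;               /* set-group-ID bit: take the file group */
  }
  /* The resulting effective IDs are saved for later use by setuid(). */
  next.suid = next.euid;
  next.sgid = next.egid;
  return next;
}

int main(void)
{
  /* Constructed sample: UID/GID 1000/100 runs a root-owned set-user-ID file. */
  struct exec_creds caller = {1000, 1000, 1000, 100, 100, 100};
  struct exec_creds a = exec_apply_ids(caller, S_ISUID | 0755, 0, 0, false);
  struct exec_creds b = exec_apply_ids(caller, S_ISUID | 0755, 0, 0, true);

  printf("suid honored: euid=%d  ST_NOSUID: euid=%d\n",
         (int)a.euid, (int)b.euid);
  return 0;
}
```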