On Jan 18, 2011, at 7:47 PM, David Goulet wrote:
On 11-01-18 01:28 PM, Nils Carlson wrote:
Replying from home...
On Jan 18, 2011, at 6:29 PM, David Goulet wrote:
Hmm.. lets sort things out from basics.
app has cred A
user has cred B
consumer has cred C
We want consumer to access the apps allocated buffers, it can do
this by
getting credentials from the app over a unix socket and then doing a
setuid while opening the buffers, once buffers are open I believe uid
isn't an issue, authentication is done at open time and never after
as
far as I know.
We want the user to be able to access the files which the consumer
outputs, this can be done by sending the users credentials over a
unix
socket to the consumer, and the consumer does setuid while opening
the
files...
That way, ust-consumerd cannot setuid from an unprivileged user to
another one. consumer with cred C cannot setuid(A). In order to make
it works, ust-consumerd will have to be root or to have special
capabilities.
Yepp, CAP_SETUID or something...
Also, this means that any user can get the trace data from any
application that way right?
Well, in order to connect to the consumer and the app and so on they
have to go via the sessiond, so we could enforce whatever policy there
that we want there.
/Nils
_______________________________________________
ltt-dev mailing list
[email protected]
http://lists.casi.polymtl.ca/cgi-bin/mailman/listinfo/ltt-dev
