On 11-01-18 03:14 PM, Nils Carlson wrote:
On Jan 18, 2011, at 7:47 PM, David Goulet wrote:
On 11-01-18 01:28 PM, Nils Carlson wrote:
Replying from home...
On Jan 18, 2011, at 6:29 PM, David Goulet wrote:
Hmm.. lets sort things out from basics.
app has cred A
user has cred B
consumer has cred C
We want consumer to access the apps allocated buffers, it can do this by
getting credentials from the app over a unix socket and then doing a
setuid while opening the buffers, once buffers are open I believe uid
isn't an issue, authentication is done at open time and never after as
far as I know.
We want the user to be able to access the files which the consumer
outputs, this can be done by sending the users credentials over a unix
socket to the consumer, and the consumer does setuid while opening the
files...
That way, ust-consumerd cannot setuid from an unprivileged user to
another one. consumer with cred C cannot setuid(A). In order to make
it works, ust-consumerd will have to be root or to have special
capabilities.
Yepp, CAP_SETUID or something...
Yep but we need a special user for ust-consumerd in that case.
This is exactly why the 1 app <-> 1 consumer was proposed to make
consumerd NOT root and with the user credentials and tracing group.
Also, this means that any user can get the trace data from any
application that way right?
Well, in order to connect to the consumer and the app and so on they
have to go via the sessiond, so we could enforce whatever policy there
that we want there.
Exactly, this is why the sessiond should keep the UID/GID of the user
and the apps in order to at least have a small control over access control.
I looked at the SO_PASSCRED of the socket API. Very nice to know!! Very
nice way of getting user credential from lttngtrace and the apps.
David
/Nils
--
David Goulet
LTTng project, DORSAL Lab.
PGP/GPG : 1024D/16BD8563
BE3C 672B 9331 9796 291A 14C6 4AF7 C14B 16BD 8563
_______________________________________________
ltt-dev mailing list
[email protected]
http://lists.casi.polymtl.ca/cgi-bin/mailman/listinfo/ltt-dev
