[ltt-dev] [RFC UST] Processes model

Nils Carlson nils.carlson at ludd.ltu.se
Tue Jan 18 15:14:46 EST 2011


On Jan 18, 2011, at 7:47 PM, David Goulet wrote:

>
>
> On 11-01-18 01:28 PM, Nils Carlson wrote:
>> Replying from home...
>>
>> On Jan 18, 2011, at 6:29 PM, David Goulet wrote:
>>
>>
>> Hmm.. lets sort things out from basics.
>>
>> app has cred A
>> user has cred B
>> consumer has cred C
>>
>> We want consumer to access the apps allocated buffers, it can do  
>> this by
>> getting credentials from the app over a unix socket and then doing a
>> setuid while opening the buffers, once buffers are open I believe uid
>> isn't an issue, authentication is done at open time and never after  
>> as
>> far as I know.
>> We want the user to be able to access the files which the consumer
>> outputs, this can be done by sending the users credentials over a  
>> unix
>> socket to the consumer, and the consumer does setuid while opening  
>> the
>> files...
>>
>
> That way, ust-consumerd cannot setuid from an unprivileged user to  
> another one. consumer with cred C cannot setuid(A). In order to make  
> it works, ust-consumerd will have to be root or to have special  
> capabilities.
>

Yepp, CAP_SETUID or something...
> Also, this means that any user can get the trace data from any  
> application that way right?
>

Well, in order to connect to the consumer and the app and so on they  
have to go via the sessiond, so we could enforce whatever policy there  
that we want there.

/Nils




More information about the lttng-dev mailing list