[ltt-dev] [RFC UST] Processes model

Nils Carlson nils.carlson at ludd.ltu.se
Tue Jan 18 15:14:46 EST 2011

On Jan 18, 2011, at 7:47 PM, David Goulet wrote:

> On 11-01-18 01:28 PM, Nils Carlson wrote:
>> Replying from home...
>> On Jan 18, 2011, at 6:29 PM, David Goulet wrote:
>> Hmm.. lets sort things out from basics.
>> app has cred A
>> user has cred B
>> consumer has cred C
>> We want consumer to access the apps allocated buffers, it can do  
>> this by
>> getting credentials from the app over a unix socket and then doing a
>> setuid while opening the buffers, once buffers are open I believe uid
>> isn't an issue, authentication is done at open time and never after  
>> as
>> far as I know.
>> We want the user to be able to access the files which the consumer
>> outputs, this can be done by sending the users credentials over a  
>> unix
>> socket to the consumer, and the consumer does setuid while opening  
>> the
>> files...
> That way, ust-consumerd cannot setuid from an unprivileged user to  
> another one. consumer with cred C cannot setuid(A). In order to make  
> it works, ust-consumerd will have to be root or to have special  
> capabilities.

Yepp, CAP_SETUID or something...
> Also, this means that any user can get the trace data from any  
> application that way right?

Well, in order to connect to the consumer and the app and so on they  
have to go via the sessiond, so we could enforce whatever policy there  
that we want there.


More information about the lttng-dev mailing list