[ltt-dev] [RFC UST] Processes model
Nils Carlson
nils.carlson at ludd.ltu.se
Tue Jan 18 15:14:46 EST 2011
On Jan 18, 2011, at 7:47 PM, David Goulet wrote:
>
>
> On 11-01-18 01:28 PM, Nils Carlson wrote:
>> Replying from home...
>>
>> On Jan 18, 2011, at 6:29 PM, David Goulet wrote:
>>
>>
>> Hmm.. lets sort things out from basics.
>>
>> app has cred A
>> user has cred B
>> consumer has cred C
>>
>> We want consumer to access the apps allocated buffers, it can do
>> this by
>> getting credentials from the app over a unix socket and then doing a
>> setuid while opening the buffers, once buffers are open I believe uid
>> isn't an issue, authentication is done at open time and never after
>> as
>> far as I know.
>> We want the user to be able to access the files which the consumer
>> outputs, this can be done by sending the users credentials over a
>> unix
>> socket to the consumer, and the consumer does setuid while opening
>> the
>> files...
>>
>
> That way, ust-consumerd cannot setuid from an unprivileged user to
> another one. consumer with cred C cannot setuid(A). In order to make
> it works, ust-consumerd will have to be root or to have special
> capabilities.
>
Yepp, CAP_SETUID or something...
> Also, this means that any user can get the trace data from any
> application that way right?
>
Well, in order to connect to the consumer and the app and so on they
have to go via the sessiond, so we could enforce whatever policy there
that we want there.
/Nils
More information about the lttng-dev
mailing list