[ltt-dev] [RFC UST] Processes model

David Goulet david.goulet at polymtl.ca
Tue Jan 18 15:21:55 EST 2011



On 11-01-18 03:14 PM, Nils Carlson wrote:
>
> On Jan 18, 2011, at 7:47 PM, David Goulet wrote:
>
>>
>>
>> On 11-01-18 01:28 PM, Nils Carlson wrote:
>>> Replying from home...
>>>
>>> On Jan 18, 2011, at 6:29 PM, David Goulet wrote:
>>>
>>>
>>> Hmm.. lets sort things out from basics.
>>>
>>> app has cred A
>>> user has cred B
>>> consumer has cred C
>>>
>>> We want consumer to access the apps allocated buffers, it can do this by
>>> getting credentials from the app over a unix socket and then doing a
>>> setuid while opening the buffers, once buffers are open I believe uid
>>> isn't an issue, authentication is done at open time and never after as
>>> far as I know.
>>> We want the user to be able to access the files which the consumer
>>> outputs, this can be done by sending the users credentials over a unix
>>> socket to the consumer, and the consumer does setuid while opening the
>>> files...
>>>
>>
>> That way, ust-consumerd cannot setuid from an unprivileged user to
>> another one. consumer with cred C cannot setuid(A). In order to make
>> it works, ust-consumerd will have to be root or to have special
>> capabilities.
>>
>
> Yepp, CAP_SETUID or something...

Yep but we need a special user for ust-consumerd in that case.

This is exactly why the 1 app <-> 1 consumer was proposed to make 
consumerd NOT root and with the user credentials and tracing group.

>> Also, this means that any user can get the trace data from any
>> application that way right?
>>
>
> Well, in order to connect to the consumer and the app and so on they
> have to go via the sessiond, so we could enforce whatever policy there
> that we want there.

Exactly, this is why the sessiond should keep the UID/GID of the user 
and the apps in order to at least have a small control over access control.

I looked at the SO_PASSCRED of the socket API. Very nice to know!! Very 
nice way of getting user credential from lttngtrace and the apps.

David

>
> /Nils

-- 
David Goulet
LTTng project, DORSAL Lab.

PGP/GPG : 1024D/16BD8563
BE3C 672B 9331 9796 291A  14C6 4AF7 C14B 16BD 8563




More information about the lttng-dev mailing list