On Fri, Jan 24, 2014 at 03:31:15PM -0800, Eric W. Biederman wrote:
> Seth Forshee <seth.fors...@canonical.com> writes:
>
> > root is allowed to steal ttys from other sessions, but it
> > requires system-wide CAP_SYS_ADMIN and therefore is not possible
> > for root within a user namespace. This should be allowed so long
> > as the process doing the stealing is privileged towards the
> > session which currently owns the tty.
> >
> > Update this code to only require CAP_SYS_ADMIN in the user
> > namespaces of the target session's tasks, allowing the tty to be
> > stolen from sessions whose tasks are in the same or lesser
> > privileged user namespaces.
>
> This code looks essentially correct. I would like to look at it a bit
> more before we merge it, just to ensure something silly hasn't been
> missed, but the only thing that concerns me at this point is are we
> checking the proper per task bits.
>
> The case I am currently worrying about is a task that does something
> privileged, drops perms, sets dumpable, and then calls setns() on the
> userns.
>
> So I think we may have to solve the dumpable problem at the same time as
> we solve this issue.
>
> Now I don't know if it makes sense to take this through the tty tree or
> my userns tree. I am inclined to take it through the userns tree simply
> because I am reviewing it and I have seen the several failed attempts at
> this but if Greg wants it in the tty tree I won't object.

No objection from me.

thanks,

greg k-h