openstack team mailing list archive

Re: Question on nova disk injection...

On Tuesday, June 5, 2012 at 20:44 PM, Joshua Harlow wrote:

> Interesting, darn, that sorta makes it harder than it seems like it should be.
>  
> Is there any pattern that we can follow for this that other programs use? Do most other programs shell out as root, and expect their command sets to be restricted? Do other similar programs just assume that they are running as a user that won’t need to be restricted? Java seems like it would have the same issue, but of course it's threaded. Is there any similar concept there of temporarily escalating privileges for a thread, performing some action, then reducing privileges?

The modern pattern is to use forks and IPC.

I've located a whitepaper on how it is handled in OpenSSH:
http://www.citi.umich.edu/u/provos/papers/privsep.pdf

> I wonder if eventlet could support something like this (or be modified to?). Anyone else know other ways of doing this that might be useful? The suggestions that involve RPC being one way.

Eventlet cannot support what you want to do. Even if we abused greenthreads in a way where they wouldn't switch during the execution of privileged code, and ran within a single Python process, we would be limited to using seteuid, rather than setuid to lower privileges. The difference is that with seteuid, privileges can be restored. That isn't to say that wouldn't work, but OpenSSH had reasons to move to an IPC approach… http://lwn.net/Vulnerabilities/3290/

Regards,
Eric Windisch
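
The fork-and-IPC pattern described in the message above, as an added Python example (not code from this thread, nova or OpenSSH): a privileged monitor forks a worker that gives up root with setuid, which unlike seteuid cannot be undone, and the monitor performs only whitelisted operations on the worker's behalf. The operation names, `UNPRIV_ID` and the JSON-lines framing over a socketpair are assumptions made for illustration.

```python
import json
import os
import socket

UNPRIV_ID = 65534  # assumption: uid/gid of "nobody" on this host
ALLOWED_OPS = {    # hypothetical whitelist: all the monitor will ever do
    "euid": lambda args: os.geteuid(),
    "file_size": lambda args: os.stat(args["path"]).st_size,
}

def drop_privileges_permanently():
    """setgid/setuid, not seteuid: the saved ids change too, so no way back."""
    if os.geteuid() != 0:
        return                  # not started as root: nothing to drop
    os.setgroups([])
    os.setgid(UNPRIV_ID)
    os.setuid(UNPRIV_ID)
    try:
        os.setuid(0)            # must fail after a real setuid
    except PermissionError:
        return
    os._exit(2)                 # root was regained: abort the worker

def handle(line):
    """Monitor side: validate one untrusted request, then run it."""
    try:
        req = json.loads(line)
        op = ALLOWED_OPS[req["op"]]
    except (ValueError, KeyError, TypeError):
        return {"ok": False, "error": "request rejected"}
    try:
        return {"ok": True, "result": op(req.get("args", {}))}
    except (OSError, KeyError, TypeError) as exc:
        return {"ok": False, "error": type(exc).__name__}

def run(requests):  # returns (monitor replies, worker exit code)
    mon, wrk = socket.socketpair()
    pid = os.fork()
    if pid == 0:                # worker: unprivileged from here on
        try:
            mon.close()
            drop_privileges_permanently()
            for req in requests:
                wrk.sendall(json.dumps(req).encode() + b"\n")
            os._exit(0)
        finally:
            os._exit(1)         # reached only if the worker raised
    wrk.close()                 # monitor keeps root, reads until worker exits
    replies = [handle(line) for line in mon.makefile("r")]  # not sent back here
    return replies, os.WEXITSTATUS(os.waitpid(pid, 0)[1])
```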
