New issue
Advanced search Search tips

Issue 676660 link

Starred by 3 users
Status: Verified
Owner:
ljusten@chromium.org
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug
V1



Sign in to add a comment

authpolicy: Set saved user id and drop caps

Project Member Reported by ljusten@chromium.org, Dec 22 2016 
Set saved uid to authpolicy-exec directly after authpolicyd starts up and drop caps immediately afterwards. This allows switching to authpolicy-exec even without caps. The advantage is that authpolicyd can only switch to the authpolicyd-exec user, so it's more secure.

This requires a small change to minijail to allow this (already CLified here: https://android-review.googlesource.com/#/c/317586).

Comment 1 by ljusten@chromium.org, Dec 29 2016

Status: Assigned (was: Started)
Summary: authpolicy: Investigate using file capabilities for switching user/group, get rid of ordinary caps (was: authpolicy: Make use of saved uid to change to authpolicyd-exec, get rid of caps)

Comment 2 by ljusten@chromium.org, Dec 29 2016

Description: Show this description

Comment 3 by ljusten@chromium.org, Dec 29 2016

Description: Show this description

Comment 4 by ljusten@chromium.org, Jan 2 2017

Labels: M-57

Comment 5 by ljusten@chromium.org, Jan 3 2017

Summary: authpolicy: Set saved user id and drop caps (was: authpolicy: Investigate using file capabilities for switching user/group, get rid of ordinary caps)

Comment 6 by ljusten@chromium.org, Jan 3 2017

Description: Show this description
Project Member

Comment 7 by bugdroid1@chromium.org, Jan 7 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/600234a14c0299347552322fefaa861ddabbb463

commit 600234a14c0299347552322fefaa861ddabbb463
Author: Lutz Justen <ljusten@chromium.org>
Date: Fri Jan 06 19:49:55 2017

Uprev minijail to latest version

Makes the following CLs available (without am):
13807cb minijail: Add ability to keep supplementary gids.
457a5e3 Improve error messages
2449956 Call setgroups(2) only once when changing users
827925f Merge "Fix logging in Makefile."
ae57f09 Fix logging in Makefile
aa235b9 Create a new session for the jailed process

13807cb is required for authpolicy, in particular CL:423035.

BUG= chromium:676660 
TEST=Compiled with CL:423035

Change-Id: Icec7baab9fe9c724aac5e91c2eeb3ab1039eedba
Reviewed-on: https://chromium-review.googlesource.com/425958
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[rename] https://crrev.com/600234a14c0299347552322fefaa861ddabbb463/chromeos-base/chromeos-minijail/chromeos-minijail-0.0.1-r1472.ebuild
Project Member

Comment 8 by bugdroid1@chromium.org, Jan 7 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/2eb6395f9b61e75d1c5602e45715c0f98c545d79

commit 2eb6395f9b61e75d1c5602e45715c0f98c545d79
Author: Lutz Justen <ljusten@chromium.org>
Date: Tue Jan 03 18:58:02 2017

authpolicy: Set saved uid and drop caps in authpolicyd

Sets authpolicyd-exec as saved uid and drops all caps on authpolicyd
startup. This allows executing Samba code as authpolicyd-exec user
without keeping caps around for longer than necessary.

A new cap had to be added, CAP_SETPCAP, to allow dropping caps from the
boundary set. Doing this prevents that caps are regained by executing
a file with file caps.

Depends on https://android-review.googlesource.com/c/317586/.

CQ-DEPEND=CL:422772

BUG= chromium:676660 
TEST=Compiles, tested with custom test code.

Change-Id: I2ae02d3fbdb01ff4228fa1f011613aa704b2a9a6
Reviewed-on: https://chromium-review.googlesource.com/423035
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/process_executor.cc
[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/authpolicy.gyp
[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/process_executor.h
[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/authpolicy_main.cc
[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/samba_interface.cc
[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/constants.h
[modify] https://crrev.com/2eb6395f9b61e75d1c5602e45715c0f98c545d79/authpolicy/etc/init/authpolicyd.conf

Comment 9 by tnagel@chromium.org, Jan 9 2017

Labels: Enterprise-Triaged

Comment 10 by ljusten@chromium.org, Jan 9 2017

Status: Fixed (was: Assigned)
Project Member

Comment 11 by bugdroid1@chromium.org, Jan 13 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/dacc2006b495097f44abceff743b12b502a22693

commit dacc2006b495097f44abceff743b12b502a22693
Author: Lutz Justen <ljusten@chromium.org>
Date: Mon Jan 09 14:56:00 2017

authpolicy: Depend on latest minijail

Required for minijail_keep_supplementary_gids.

BUG= chromium:676660 
TEST=Compiles

Change-Id: I9531ec2ebf3544b6b1ae421ac910dd36110ca965
Reviewed-on: https://chromium-review.googlesource.com/426159
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Thiemo Nagel <tnagel@chromium.org>

[modify] https://crrev.com/dacc2006b495097f44abceff743b12b502a22693/chromeos-base/authpolicy/authpolicy-9999.ebuild

Comment 12 by kathrelk...@chromium.org, Jul 6 2017

Status: Verified (was: Fixed)
bulk Verify of Chromad V1 bugs

Sign in to add a comment