aurora-reviews mailing list archives

From Joshua Cohen <jco...@apache.org>
Subject Re: Review Request 51564: Allow E_NAME_IN_USE in useradd/groupadd.
Date Thu, 01 Sep 2016 01:00:02 GMT


> On Aug. 31, 2016, 10:17 p.m., Stephan Erb wrote:
> > src/main/python/apache/aurora/executor/common/sandbox.py, line 239
> > <https://reviews.apache.org/r/51564/diff/3/?file=1489394#file1489394line239>
> >
> >     This change seems to come with a severe security risk. As a normal user, I can now gain root on any agent:
> >     
> >     * Prepare a docker/appc container with a manually crafted user with UID 0 but with my role name.
> >     * Launch the container with said role name.
> >     * The sandbox code will bail out early here and not proceed to create an unprivileged user
> >     * Setuid will switch from root to my prepared custom user with root permissions
> >     * Game over
> >     
> >     Unless someone can correct me here, that would be a -1 from my end.

I'm not sure about step 4 above. Are you referring to the [setuid in process.py](https://github.com/apache/aurora/blob/master/src/main/python/apache/thermos/core/process.py#L369-L380)?
If so, that setuid shouldn't be switching to root; it will be switching to the user matching
the role name on the host system. The uid set in your docker/appc image wouldn't have any
impact on that. Am I missing something?


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51564/#review147497
-----------------------------------------------------------


On Aug. 31, 2016, 8:56 p.m., Zhitao Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51564/
> -----------------------------------------------------------
> 
> (Updated Aug. 31, 2016, 8:56 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen, John Sirois, and Zameer Manji.
> 
> 
> Bugs: AURORA-1761
>     https://issues.apache.org/jira/browse/AURORA-1761
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Allow E_NAME_IN_USE in useradd/groupadd.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/aurora/executor/common/sandbox.py a172691e164cf64792f65f049d698f9758336542
>   src/test/python/apache/aurora/executor/common/test_sandbox.py 57ab39e2444100c3a689bb0ff745c62f7bc2f1a6
> 
> Diff: https://reviews.apache.org/r/51564/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Zhitao Li
> 
>
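
The case this exchange turns on, an account that already exists in the image under the role name, can be checked explicitly when useradd reports E_NAME_IN_USE. The following is an added example, not code from the Aurora patch or from either reviewer; the function names, the `webrole` sample data and the policy of requiring the image entry to match the host's uid/gid are assumptions.

```python
E_SUCCESS = 0
E_NAME_IN_USE = 9  # useradd(8)/groupadd(8) exit status: name already exists


class SandboxUserError(Exception):
    """The image's existing account must not be reused."""


def entries_for(passwd_text, name):
    """Return every (uid, gid) that passwd(5)-format text assigns to `name`."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[0] != name:
            continue
        if not (fields[2].isdecimal() and fields[3].isdecimal()):
            raise SandboxUserError("unparseable uid/gid for %r" % name)
        found.append((int(fields[2]), int(fields[3])))
    return found


def accept_useradd_result(exit_code, name, host_uid, host_gid, image_passwd):
    """Return 'created' or 'reused'; raise if the existing entry is unsafe."""
    if exit_code == E_SUCCESS:
        return "created"
    if exit_code != E_NAME_IN_USE:
        raise SandboxUserError("useradd exited with status %d" % exit_code)
    entries = entries_for(image_passwd, name)
    if not entries:
        raise SandboxUserError("%r reported in use but not in passwd" % name)
    for uid, gid in entries:  # duplicates are checked too, not just the first
        if uid == 0 or gid == 0:
            raise SandboxUserError("%r maps to root in the image" % name)
        if (uid, gid) != (host_uid, host_gid):
            raise SandboxUserError("%r has uid/gid %d/%d, expected %d/%d"
                                   % (name, uid, gid, host_uid, host_gid))
    return "reused"


# Constructed sample input: "webrole" is a hypothetical role name.
CRAFTED_IMAGE = "root:x:0:0:root:/root:/bin/sh\nwebrole:x:0:0::/home/webrole:/bin/sh\n"
BENIGN_IMAGE = "root:x:0:0:root:/root:/bin/sh\nwebrole:x:1500:1500::/home/webrole:/bin/sh\n"

if __name__ == "__main__":
    print(accept_useradd_result(E_NAME_IN_USE, "webrole", 1500, 1500, BENIGN_IMAGE))
    try:
        accept_useradd_result(E_NAME_IN_USE, "webrole", 1500, 1500, CRAFTED_IMAGE)
    except SandboxUserError as err:
        print("rejected:", err)
```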

