On Thu, Sep 05, 2013 at 02:40:39PM +0000, Matthew Garrett wrote:
On Wed, 2013-09-04 at 20:49 -0400, Vivek Goyal wrote:
> I did what Eric Biederman suggested. I first unshare the mount namespace
> of /sbin/kexec from parent. Then I disable any event propogation between
> mounts. Then I lazy unmount existing /proc and /sys and remount them. I
> think this should make sure that we are seeing at /proc and /sys as
> exported by kenrel?
Namespaces have mostly been used with the assumption that namespaces
contain child processes, rather than parent processes attacking
children. Are we guaranteed that (barring ptrace) a parent process is
unable to manipulate a child's namespaces?
This is a good question and I don't know enough about namespaces to
be able to answer it.
I am CCing Eric Biederman and he should have an Idea.
Eric,
So this is in context of kdump an secureboot. We were discussing to be
able to create a private mount namespace for /sbin/kexec and remount
/proc/ and /sys so that /sbin/kexec is sure that it is looking at
something as exported by kernel.
Is it possible for unsigned parent to now maninpulate child /sbin/kexec
mount namespace now?
Thanks
Vivek