Open stsp opened 2 weeks ago
Thanks @stsp for your kernel patch! So how exactly can I test your patch?
Take note that my solution (in this repo) is only a temporary workaround of this issue.
The ideal way should be one without any coding effort, e.g., directly cat or pipe writing > to /proc/<pid>/groups (for example).
Well, firstly you need to read the patch description, as it has all the usage instructions as well as other info. Then you need to clone this repo: https://github.com/stsp/cred_test
It shows how the privileged helper process can grant the group list to the unpriv'd one.
The ideal way should be one without any coding effort, e.g., directly cat or pipe writing > to /proc/<pid>/groups
That's too insecure. What if you write the groups root and wheel to your process? There needs to be some coding effort for sure. In my approach you need a separate privileged entity that helps you to perform the task.
Please note that if you want to completely ignore security, then all you need is setcap cap_setgid+p <your_binary> and after that, your binary can change groups at any time w/o any restrictions by calling cap_setgroups().
The ideal way should be one without any coding effort, e.g., directly cat or pipe writing > to /proc/<pid>/groups
You can actually achieve something like this with the following steps:
initgroups() or cap_setgroups().
This works w/o any patches. Except that IIRC LD_PRELOAD won't work with setcap.
Hi.
I recently posted this patch-set to LKML: https://lore.kernel.org/lkml/20241108204102.1752206-3-stsp2@yandex.ru/T/
It allows getting the group list from another (privileged) process. It should solve the problem your module addresses, among other things. But it fails to get a lot of interest (just 1 change request so far). I wonder if you can evaluate the possibility of my patch solving your problem, and if it suits, maybe you can post your use-case and/or review my patch in LKML.
Thanks!
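An added example, not code from this thread or from either project: an audit helper for the `setcap cap_setgid+p <your_binary>` case mentioned above. It decodes the `security.capability` xattr that `setcap` writes and reports files whose permitted set includes CAP_SETGID. The function names and sample blobs are assumptions made for illustration; the constants follow `<linux/capability.h>`.

```python
import os
import struct

CAP_SETGID = 6                       # capability bit number
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# xattr revision -> number of 32-bit (permitted, inheritable) pairs
U32_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}

def decode_file_caps(blob):
    """Decode a security.capability xattr into permitted/inheritable masks."""
    if len(blob) < 4:
        raise ValueError("truncated xattr")
    (magic,) = struct.unpack_from("<I", blob, 0)
    pairs = U32_PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(blob) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated xattr")
    words = struct.unpack_from("<%dI" % (2 * pairs), blob, 4)
    permitted = inheritable = 0
    for i in range(pairs):
        permitted |= words[2 * i] << (32 * i)
        inheritable |= words[2 * i + 1] << (32 * i)
    return {"permitted": permitted, "inheritable": inheritable,
            "effective_flag": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}

def grants_setgid(blob):
    """True if the file's permitted capability set includes CAP_SETGID."""
    return bool((decode_file_caps(blob)["permitted"] >> CAP_SETGID) & 1)

def find_setgid_binaries(root):
    """Walk root and return paths whose file capabilities permit CAP_SETGID."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                blob = os.getxattr(path, "security.capability",
                                   follow_symlinks=False)
                if grants_setgid(blob):
                    hits.append(path)
            except (OSError, ValueError):
                continue  # no xattr, unreadable, or malformed
    return hits

# Constructed sample: cap_setgid+p in the revision-2 layout (no effective flag).
SAMPLE_SETGID_P = struct.pack("<5I", 0x02000000, 1 << CAP_SETGID, 0, 0, 0)
# Constructed sample: cap_net_bind_service+ep (bit 10), for contrast.
SAMPLE_NET_BIND_EP = struct.pack("<5I", 0x02000001, 1 << 10, 0, 0, 0)
```

Calling `find_setgid_binaries("/usr")` on a Linux host lists the installed files that carry this capability, which is the set to review for unrestricted group changes.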