[Dev] User ID allocation

Kanevskiy, Alexander alexander.kanevskiy at intel.com
Mon May 26 15:01:24 GMT 2014


On 26/05/14 17:30 , "Piotr Bartosiewicz"
<p.bartosiewi at partner.samsung.com> wrote:

>
>On 26.05.2014 16:17, Kanevskiy, Alexander wrote:
>> On 26/05/14 17:12 , "Piotr Bartosiewicz"
>> <p.bartosiewi at partner.samsung.com> wrote:
>>
>>> On 22.05.2014 16:35, Łukasz Stelmach wrote:
>>>> It was <2014-05-22 czw 11:16>, when Michal Witanowski wrote:
>>>>> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Thiago
>>>>> Macieira
>>>>> Sent: Wednesday, May 21, 2014 7:54 PM
>>>>>> Em qua 21 maio 2014, às 17:35:32, Michal Witanowski escreveu:
>>>>>>> I'm in a team working on Domain Separation (Linux Containers) and we
>>>>>>> need to reserve a UID for our daemon which will be communicating with
>>>>>>> containers via a dbus socket (it requires that the UID in host and
>>>>>>> container match, so we can't trust default values).
>>>>>>>
>>>>>>> I was wondering if there exist any rules for User ID allocation on
>>>>>>> Tizen 3.0 platform.
>>>>>> Can't you simply have a useradd -r command in the RPM post-install
>>>>>> rule?  This will create a UID for you. The software simply needs to
>>>>>> getpwnam to get the UID.
>>>> [...]
>>>>> We can't just do "useradd -r", because it will generate a "random"
>>>>> User ID.
>>>>> We must be sure that the UID of the daemon user will be the same,
>>>>> regardless of system configuration, existing users in the system, etc.
>>>> Why is that? Are you going to hardcode the uids anywhere? That is BAD.
>>>>
>>> Yes, we would like to hardcode the uids. Yes we know that it is BAD in
>>> general.
>>>
>>> Let me explain the problem without using the 'container' word:
>>>
>>> We have 'n' different Tizen images.
>>> How to ensure that in every image there exists the same user='User'
>>> with the *same* uid=<uid>?
>>
>> What is the value of that exact numeric uid match between independent
>> images ?
>>
>>> I've already explained why the uids need to be the same - see my
>>> earlier mails. I can't simply do a 'useradd' on the first one and use
>>> the uid on the other images because this uid can be occupied in some
>>> image.
>>>
>> Different image = different device = different runtime scope. Why does
>> this exact match matter?
>> You’re not going to use e.g. NFS between those devices, where those uids
>> might play a role.
>> So, what is the value here?
>>
>Different images AND the same device. We are implementing linux
>containers, i.e. lightweight virtualization - one Tizen host image and
>many Tizen guest images.
>This UID is used to communicate between host and guests.

One of the primary goals of virtualization is to make app scopes more
secure.
If your security is based on hardcoded numeric uids to communicate between
different runtime scopes (even where they are on one device, having them in
different containers is different scopes),
well, it’s not a secure area in my understanding. A compromised scope
would effectively compromise another one if the only check is the same uid.
I understand, it is easier to do such solutions. However, are we really
interested in that long term?

-- 
Best regards, Alexander Kanevskiy.
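To make the point of the thread concrete, here is an added example (not code from the thread or from Tizen) of what a daemon authorizing a client on a unix socket by uid alone actually does: it resolves the account name with getpwnam_r at runtime (Thiago's suggestion, instead of a hard-coded number) and compares it with the kernel-reported SO_PEERCRED uid of the peer. It assumes Linux/glibc; the account name passed in is whatever the deployment chooses. Any process holding that uid in a scope that shares the same uid numbering passes this check, which is exactly the weakness Alexander describes.

```c
#define _GNU_SOURCE
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a service account by name at runtime instead of hard-coding
 * its uid. Returns 0 and stores the uid on success, -1 if absent. */
int resolve_uid(const char *name, uid_t *out) {
    struct passwd pw, *res = NULL;
    char buf[4096];
    if (getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    *out = pw.pw_uid;
    return 0;
}

/* Kernel-reported credentials of the peer on a unix socket. This is the
 * only evidence the daemon gets about who is on the other end; in a
 * container it is expressed in that container's uid numbering. */
int peer_uid(int fd, uid_t *out) {
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    *out = cred.uid;
    return 0;
}

/* The "same uid" check: accept iff the peer runs as the named account.
 * Nothing here distinguishes which scope the peer lives in. */
int peer_is_account(int fd, const char *account) {
    uid_t want, have;
    if (resolve_uid(account, &want) != 0 || peer_uid(fd, &have) != 0)
        return 0;
    return want == have;
}

/* Stand-alone demo: a socketpair makes this process its own peer. */
int main(int argc, char **argv) {
    const char *account = argc > 1 ? argv[1] : "root";
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    printf("peer is '%s': %s\n", account,
           peer_is_account(sv[0], account) ? "yes" : "no");
    return 0;
}
```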


