Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

chown/fchownat are no-ops #787

Closed
donporter opened this issue Jun 24, 2019 · 3 comments
Closed

chown/fchownat are no-ops #787

donporter opened this issue Jun 24, 2019 · 3 comments
Assignees
@pwmarcz

Comments

@donporter
Copy link
Contributor

Our implementation of chown/fchownat don't do anything with uid, gid, and flags (fchownat).
@chiache
Copy link
Contributor

chiache commented Jun 24, 2019
edited
Loading

Because our library OS has its own virtualized uid and gid, it doesnt make whole lot of sense to propagate the result of chown/fchownat to the host. Supposedly a malicious program sets an executable with uid 0 or makes it a seteuid program, this can be a vulnerability for our sandboxing system.

On the other hand, neither uid nor gid is platform-independent. For instance, Windows doesn't use the uid/gid system like Linux/BSD. I suggest we approach this implementation with caution, and prioritize use cases that we actually care about.

That being said, is there a specific reason that you want to propagate chown/fchownat?

@donporter
Copy link
Contributor Author

Just logging the issue. Won'tfix is a fair outcome.

@mkow mkow mentioned this issue Sep 11, 2020
Open
@dimakuv
Copy link
Contributor

dimakuv commented Jul 14, 2021

This is still valid on current master: https://github.com/oscarlab/graphene/blob/f1a9c785128522ae4abc604a7ae10f4d4e7f0573/LibOS/shim/src/sys/shim_file.c#L239

I actually prefer to close this issue. We don't care about file permissions. Pawel, feel free to re-open if you think this is important.

@dimakuv dimakuv closed this as completed Jul 14, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@pwmarcz pwmarcz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chiache @pwmarcz @dimakuv @donporter