Posted to commits@nuttx.apache.org by "fxysunshine (via GitHub)" <gi...@apache.org> on 2023/05/17 13:40:14 UTC

[GitHub] [nuttx] fxysunshine commented on pull request #8924: binfmt: set default uid for builtin app

fxysunshine commented on PR #8924:
URL: https://github.com/apache/nuttx/pull/8924#issuecomment-1551420224

   > @patacongo we want to implement the I_SUID/I_SGID feature for binfs and romfs. Why do we need these features? Because the traditional security model, as in your description:
   > 
   > > It would help to understand exactly what you are trying to accomplish to forcing some UID defined in a configuration.
   > > NuttX supports standard /etc/passwd and /etc/group files for assigning UIDs and GIDs to users. These are currently only used in NSH logins and do not for set UID and GID, but they should! See configuration sim:nsh, boards/sim/sim/sim/include/nsh_romfsimg.h, and boards/sim/sim/sim/src/etc.
   > > The behavior that I would expect is that the UID and GID default to zero (root) but are set at login to the values in /etc. Tasks run (in memory or in the file system) would (usually) take the UID and GID of the parent. But could be changed with ST_NOSUID logic or setuid() and setgid().
   > 
   > isn't suitable for personal devices (e.g. PC, phone and pad). The old model assumes that software is perfect and that the device is shared by many people; the security model trusts the installed software but distrusts the end user. So it's a good approach to assign each login user a different id and do the security check in various syscalls. But for a personal device, the user owns the device physically; it makes no sense to check the user's activity, but programs downloaded from the internet, which may contain malicious code, need to be monitored instead.
   > 
   > Here is how Android uses uid/gid to protect the user from malicious programs: https://stackoverflow.com/questions/5708906/what-is-uid-on-android Basically, Android assigns each program a different uid/gid and monitors the program's activity in many places. I_SUID/I_SGID is the most portable and simplest way to achieve this goal.
   > 
   > @cederom Yes, we want to do a similar thing on NuttX, like Android on Linux, in a POSIX compliant way.
   
   @patacongo @cederom we have done some rework to follow the POSIX spec. For builtin apps, we add uid/gid/mode at compile time to the builtin_s struct; the builtin loader checks the file mode I_SUID/I_SGID and configures the euid/egid from the file's uid/gid.
   If binfs is enabled, euid/egid/mode are exported to the file system, so we can show the file owner and group id, for example in the "ls" command.
   Could you be so kind as to review?
   
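The set-id rule the comment describes (child inherits the parent's euid/egid unless the builtin's mode carries I_SUID/I_SGID, with the ST_NOSUID mount flag from the quoted reply overriding), as an added illustration that is not NuttX's binfmt code: the struct, function and field names here are hypothetical stand-ins for the uid/gid/mode fields the PR adds to builtin_s, and the POSIX S_ISUID/S_ISGID macros are used in place of NuttX's I_SUID/I_SGID.

```c
/* Added example, not from the NuttX PR.  Models how a builtin-app loader can
 * derive a child's effective IDs from compile-time owner/group/mode fields.
 * Rules modelled:
 *   - by default the child keeps the parent's euid/egid;
 *   - S_ISUID on an executable mode sets euid := file uid, S_ISGID likewise
 *     sets egid := file gid;
 *   - set-id bits are ignored when the mount carries ST_NOSUID or when the
 *     mode has no execute bit at all (a set-id bit on a non-executable is
 *     meaningless and must not escalate).                                   */
#include <stdbool.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>

/* Hypothetical mirror of the fields the PR adds to builtin_s. */
struct builtin_ids
{
  uid_t  uid;   /* owner recorded for the builtin at build time  */
  gid_t  gid;   /* group recorded for the builtin at build time  */
  mode_t mode;  /* file mode; S_ISUID / S_ISGID are the bits of interest */
};

static bool setid_honoured(mode_t mode, unsigned long mount_flags)
{
  bool executable = (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
  return executable && (mount_flags & ST_NOSUID) == 0;
}

/* Effective uid for the new task: file owner if set-uid applies, else parent. */
uid_t builtin_euid(const struct builtin_ids *b, uid_t parent_euid,
                   unsigned long mount_flags)
{
  if (setid_honoured(b->mode, mount_flags) && (b->mode & S_ISUID))
    return b->uid;
  return parent_euid;
}

/* Effective gid for the new task: file group if set-gid applies, else parent. */
gid_t builtin_egid(const struct builtin_ids *b, gid_t parent_egid,
                   unsigned long mount_flags)
{
  if (setid_honoured(b->mode, mount_flags) && (b->mode & S_ISGID))
    return b->gid;
  return parent_egid;
}

/* Scalar helpers so the rule can be exercised without building the struct. */
uid_t euid_for(uid_t file_uid, mode_t mode, uid_t parent, unsigned long flags)
{
  struct builtin_ids b = { file_uid, 0, mode };
  return builtin_euid(&b, parent, flags);
}

gid_t egid_for(gid_t file_gid, mode_t mode, gid_t parent, unsigned long flags)
{
  struct builtin_ids b = { 0, file_gid, mode };
  return builtin_egid(&b, parent, flags);
}
```

A loader following this rule leaves a root-owned set-uid builtin running as uid 0 when spawned by uid 1000, but keeps uid 1000 if the binfs mount was made with ST_NOSUID or the mode lacks execute bits.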


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org