[Lguest] [RFC PATCH 1/5] lguest: mmap backing file

Tim Post echo at echoreply.us
Fri Mar 21 03:50:08 EST 2008


On Fri, 2008-03-21 at 01:05 +1100, Paul TBBle Hampson wrote:

> I'm not sure I see the risk here. Surely not "anyone" can modify your
> environment variables out from under you?

I was actually thinking about people modifying their own.

> Are you worried that other root users are going to point root's .lguest
> directory somewhere else, but not the non-root user's directory?

No, just instances where underprivileged users are granted limited
access to lguest (say on a build farm) via a setuid script. A build farm
is a rather trivial example but the first that came to mind.

In some cases it is practical to share the use of lguest (or others);
doing that never feels quite comfy - there's just no good way of doing
it.

It's probably a non-issue in that scenario, I just saw a case where
someone underprivileged could write to /root/.lguest (or some other
user's).

I'm probably just being over paranoid :)

> There _is_ an issue I hadn't thought of at the time, which is if your
> $HOME is on shared media, and you clash PIDs between lguest launchers on
> two machines sharing that media as $HOME, you're going to clash
> memfiles, specifically truncating the earlier memfile.

That could happen in theory, but what are the chances of two launchers
on any two nodes getting the same PID? Probably a little more likely if
all nodes were the same and lguest launched on boot.

Making it $HOME/.lguest/PID-(rand xxxx) would prevent that, or something
a little more descriptive regarding the node that owned it?

Cheers,
--Tim
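
The two concerns in this message, sketched as an added example that is not part of the original post and not lguest's code: the memfile gets a PID-plus-random name and is created so that a name clash fails instead of truncating an existing file, and the home directory comes from the passwd database rather than from `$HOME`. The helper names `real_home` and `memfile_create` and the `<pid>-<random>` name format are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: home directory of the real uid from the passwd
 * database. $HOME is ignored because the user who invokes a setuid
 * wrapper controls it. */
const char *real_home(void)
{
    struct passwd *pw = getpwuid(getuid());
    return pw ? pw->pw_dir : NULL;
}

/* Hypothetical helper: create <dir>/<pid>-<random> and return an open fd
 * with the name in `path`, or -1 on error. */
int memfile_create(const char *dir, char *path, size_t len)
{
    int tries;

    if (mkdir(dir, 0700) < 0 && errno != EEXIST)
        return -1;
    for (tries = 0; tries < 16; tries++) {
        unsigned int rnd;
        int n, fd, ur = open("/dev/urandom", O_RDONLY);

        if (ur < 0)
            return -1;
        n = (int)read(ur, &rnd, sizeof(rnd));
        close(ur);
        if (n != (int)sizeof(rnd))
            return -1;
        n = snprintf(path, len, "%s/%ld-%08x", dir, (long)getpid(), rnd);
        if (n < 0 || (size_t)n >= len)
            return -1;
        /* O_CREAT|O_EXCL never truncates: an existing name (or a symlink
         * planted there) fails with EEXIST, and we pick a new suffix. */
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    return -1;
}
```

On a shared `$HOME` the exclusive create is what protects the earlier launcher's memfile; the random suffix only makes a retry unlikely.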
