suEXEC セキュリティモデルをベースにしたコンテナ起動時のバリデーションの提案 / A suEXEC-based validation in containers' startup

6DIJP,POEP(.01FQBCP *OD 84"ݚڀձ TV&9&$ηΩϡϦςΟϞσϧΛ ϕʔεʹͨ͠ίϯςφىಈ࣌ͷ όϦσʔγϣϯͷఏҊ

ΤϯδχΞ ۙ౻Ӊஐ࿕!VE[VSB ٕज़෦ٕज़ج൫νʔϜ

໨࣍ લఏ ίϯςφ؀ڥఏڙͷࡍͷηΩϡϦςΟత՝୊ લఏ ίϯςφʹ·ͭΘΔηΩϡϦςΟػߏͷ੔ཧ
ఏҊ͢ΔόϦσʔγϣϯػߏʹ͍ͭͯ ՝୊ɾٞ࿦͍ͨ͜͠ͱ

ίϯςφ؀ڥఏڙͷࡍͷ ηΩϡϦςΟత՝୊

8FCαʔϏεఏڙͰͷίϯςφͷར༻ w ಥൃతΞΫηε૿ͳͲ΁ͷରॲͷͨΊɺ8FCαʔϏεͷӡ༻ऀ͸ߴ଎͔ͭॊೈͳϦιʔ ε੍ޚΛ͍ͨ͠ɻ w ٸͳϦιʔε௥Ճ΁ͷରԠɺෆཁͳ࣌͸ݮΒ͢ɺͳͲɻ w ίϯςφ͸ͦͷىಈͷߴ଎͞ͳͲͷੑ࣭͔Βɺͦͷ໨తʹ͓͋ͬͯΓීٴ͕ਐΈͭͭ ͋Δɻ w
)BDPOJXB࿦จ Ͱ΋͜ͷલఏʹ͍ͭͯड़΂͍ͯΔ w ࠓճ͸ͦͷதͰ΋ɺϗεςΟϯά؀ڥʹ͓͍ͯߴ଎͔ͭॊೈͳϦιʔε੍ޚΛ࣮ݱ͢ ΔͨΊʹίϯςφΛར༻͢Δʹ͋ͨΓɺηΩϡϦςΟͷ໰୊Λ੔ཧ͢Δ IUUQTSBOEQFQBCPDPNQBQFSTJQTKODVE[VSBQEG

ίϯςφఏڙ࣌ͷηΩϡϦςΟత՝୊ ίϯςφͷ಺෦͔ΒɺίϯςφΛϗετ͍ͯ͠Δ਌ͷ04ʹʮ୤ࠈʯ͕Ͱ ͖Δ৔߹ ίϯςφͷ಺෦͔Βɺίϯςφͷ֎෦؀ڥ͕ݟ͑ͨΓૢ࡞Ͱ͖Δ৔߹ ίϯςφͷ಺෦ʹ͍ͭͯɺαʔϏεఏڙऀ͕ҙਤ͠ͳ͍ઃఆมߋ΍ϑΝΠ ϧͷૢ࡞͕Ͱ͖Δ৔߹
ίϯςφͷىಈ࣌ʹɺαʔϏεఏڙऀ͕ҙਤ͠ͳ͍ίϚϯυɺҾ਺ɺݖ ݶͰͷىಈΛ͞ΕΔ৔߹

ίϯςφͷ಺෦ˠίϯςφͷϗετ w͍ΘΏΔʮ୤ࠈʯ -JOVY/BNFTQBDF DISPPU $POUBJOFST )PTU04 VODISPPUIUUQTHJTUHJUIVCDPN'JMP4PUUJMF ❌ ❓❓ ௨ৗɺίϯςφ಺෦͔Βϗετͷ৘
ใ͸ɺ-JOVY/BNFTQBDFͳͲʹΑ Γִ཭͞ΕΞΫηεͰ͖ͳ͍ ⚠੬ऑੑɺઃఆϛεɺ࢓্༷ͷൈ͚݀ ͳͲʹΑΓ֎෦ͷ৘ใʹΞΫηεͰ͖Δ ͜ͱ͕͋Δʹʮ୤ࠈʯ

ίϯςφͷ಺෦ˠݟͤͨ͘ͳ͍֎෦ wωοτϫʔΫ্ͷଞͷϗετ΁ͷΞΫηεɺ௨৴ͷ๣ௌͳͲ B C D E ίϯςφB ͷ؀ڥΛ֎෦ʹఏڙ͢Δ৔߹ɺ B ͔Βݟ͑ͯ͸͍͚ͳ͍ϛυϧ΢ΣΞD
ʹΞΫηεͰ͖Δɺ B ͔Β؅ཧίϯςφE ʹΞΫηεͰ͖ΔɺͳͲ B ͱE ͕ಉ͡WYMBOͷ৔߹ͳͲ΋ߟ͑ΒΕΔͩΖ͏ 0, TFDSFU "ENJODPOUBJOFST $POUBJOFSTUPQSPWJEF ❌ ⭕ ❌

ίϯςφͷ಺෦Λӽݖతʹૢ࡞Ͱ͖Δ wίϯςφ಺෦ͷಛݖΛ༩͍͑ͯͳ͍ͷʹɺϑΝΠϧΛૢ࡞Ͱ͖Δ FUDQBTTXE FUDTIBEPX FUDOHJOYOHJOYDPOG QSPDTZT WBSSVOEPDLFS "$POUBJOFS
ίϯςφ಺ͷ௨ৗϢʔβʔ ·ͨ͸ݖݶ੍ݶ͞ΕͨSPPU ౰વɺෆཁͳϑΝΠϧૢ࡞͸ෆՄ ⚠੬ऑੑͳͲͷར༻Ͱ SPPUʹͳΔ ⚠ઃఆ࿙ΕͳͲͰ ෆཁͳݖݶ͕෇͍ͯݖݶୣऔ ૢ࡞ ૢ࡞ ⚠ݖݶઃఆΛޡͬͯ ෇༩Ϛ΢ϯτ͢Δ͜ͱ΋

ҙਤ͠ͳ͍Φϓγϣϯ౳Ͱίϯςφىಈ wίϯςφͷىಈΛϢʔβͰίϯτϩʔϧͰ͖Δ৔߹͕͋Δ ਖ਼ৗͳઃఆͰىಈ ෆਖ਼ͳઃఆͰىಈɺ ͦͷޙෆਖ਼ͳૢ࡞ ίϯςφͰ͸ͳ͍ ϛυϧͳͲΛ ىಈͤ͞ΒΕΔ ίϯςφىಈͷܖػ ͱͳΔΠϕϯτ
$*αʔϏε౳ δϣϒ։࢝ 'BTU$POUBJOFS લஈͷΠϕϯτΛड͚औΔ૚ OHY@NSVCZEPDLFSE ίϯςφϥϯλΠϜ ⚠ෆਖ਼ͳύϥϝʔλΛ౉͞ΕΔɺͳͲ

ίϯςφʹ·ͭΘΔ ηΩϡϦςΟػߏͷ੔ཧ

ίϯςφʹؔ͢ΔηΩϡϦςΟػߏ " 6TFS/BNFTQBDF # ,FSOFM$BQBCJMJUJFT $ TFDDPNQ % .BOEBUPSZ"DDFTT$POUSPM &
4FSWJDF.FTIJOH ' 3PPUMFTT6OQSJWJMFHFEDPOUBJOFST ( )ZQFSWJTPST

6TFS/BNFTQBDF wϗετ໊ͳͲͷΑ͏ʹຊདྷ04άϩʔόϧʹଘࡏ͢ΔϦιʔεʹ͍ͭͯ  04಺෦Ͱ໊લۭؒΛ࡞੒͠ɺ  ෳ਺Λଘࡏͤ͞࢖͍෼͚Δ  -JOVY/BNFTQBDF wϢʔβ*%ʹ໊͍ͭͯલۭؒΛ  ࡞ΓɺϗετͷඇSPPUΛ  ίϯςφͷ؅ཧऀʹɻ

,FSOFM$BQBCJMJUJFT wSPPUͷ࣋ͭಛݖΛɺ෼ׂ͠ɺҰ෦Λണୣ͋Δ͍͸෇༩Ͱ͖Δ $"1@$)08/ $"1@,*-- $"1@4:4@5*.& $"1@4:4@"%.*/ $"1@/&5@3"8 $"1@/&5@#*/%@4&37*$& 5SBEJUJPOBM
SPPU $BQBCJMJUJFT -JNJUFE SPPU VTSMPDBMCJOTFSWFSGPP Ұ෦ૢ࡞͕Ͱ͖ͳ͍  SPPU FH࣌ؒૢ࡞͕Ͱ͖ ͳ͍ɺLJMMͰ͖ͳ͍ ҰൠϢʔβ͕ىಈͯ͠΋ ಛݖϙʔτΛϦοεϯͰ͖ΔɺͳͲ Ұ෦Λണୣ Ұ෦Λ ϑΝΠϧʹ෇༩

TFDDPNQ.BOEBUPSZ"DDFTT$POUSPM wϢʔβͷࠓͷݖݶʹ͔͔ΘΒͣɺҰ෦ૢ࡞Λ੍ݶɾ؂ࠪ͢Δ wTFDDPNQͰ͋Ε͹γεςϜίʔϧɺ."$Ͱ͋Ε͹ϑΝΠϧΞΫηεͳͲ SPPU TFDDPNQͷίϯςΫετ "QQ"SNPSͷϓϩϑΝΠϧ SPPUͷ࡞੒ͨ͠ϓϩηε SPPUͷ࡞੒ͨ͠ϓϩηε ,FSOFM04 γεςϜίʔϧݺग़
ϑΝΠϧΞΫηεɺ ιέοτར༻ͳͲ ❌ ❌ ⭕ ⭕

4FSWJDF.FTIJOH wίϯςφಉ࢜ͷ૬ޓͷωοτϫʔΫɺૄ௨ΛɺίʔυͳͲʹΑΓίϯτϩʔϧ ͢Δ͜ͱΛ4FSWJDF.FTIͱݺͼɺίϯςφͷจ຺Ͱ࢖ΘΕΔ /PEF1PPMෳ਺ͷ෺ཧϗετΛ୯Ұͷϓʔϧͱͯ͠ѻͬͨ΋ͷ 4FSWJDF.FTI $POUSPM1MBOF ίϯςφಉ࢜ͷૄ௨ͷڐՄېࢭ FHηΩϡϦςΟάϧʔϓ ίϯςφؒͷ௨৴ͷ؂ࠪ
௨৴ܦ࿏ͷ҉߸Խ 5-4ଞ ❌ ⭕ ✈

3PPUMFTT6OQSJWJMFHFEDPOUBJOFST w όΠφϦࣗମΛTFUVTFSJESPPU͢Δ w -9$ํࣜͷඇಛݖίϯςφʢ6TFS/BNFTQBDFΛར༻ʣ w /55ਢాࢯʹΑΔ3PPUMFTTSVOD΄͔ʢػೳ੍ݶ͋Γʣ
w ϝϦοτɾσϝϦοτ·ͱΊ όΠφϦͷTFUVJESPPU όΠφϦͷݖݶ͕େ͖͘ɺ ͞ΒͳΔ੍ޚΛ͢ΔͨΊͷରԠ͕ඞཁ -9$ํࣜͷඇಛݖίϯςφ Ұ෦όΠφϦΛTFUVJESPPU͢ΔͷͰ ίϯςφͷػೳͷมԽͰ௥ՃͳͲରԠ͕ඞཁ 3PPUMFTTSVOD ωοτϫʔΫ͕UBQͷΈͳͲ ػೳʹ੍ݶ͕͋Δ

)ZQFSWJTPS౳ͷར༻ʢ༧ߘͰ͸ະݴٴʣ wίϯςφٕज़ͷηΩϡϦςΟػߏͷଟ͘͸04ͷதͰด͍ͯ͡Δ͕ɺ  ܰྔͳϋΠύʔόΠβͳͲΛར༻͠ɺͦͷൣғΛ௒͑ͨαϯυϘοΫ εԽΛ࣮ݱ͢Δٕज़͕ݱΕ͍ͯΔ wH7JTPS ͷ3&"%.&ΑΓ IUUQTDMPVEQMBUGPSNHPPHMFCMPHDPN0QFOTPVSDJOHH7JTPSBTBOECPYFEDPOUBJOFSSVOUJNFIUNM

Ґஔ෇͚Δ w՝୊͸ΧʔωϧίϯςφϥϯλΠϜͰखް͘Χόʔ w՝୊͸4FSWJDF.FTIͷਐԽͰ w՝୊͸ඇಛݖίϯςφ͕  ༗ޮ͔

՝୊΁ͷରԠ ػೳ໊ ରԠՄೳͳ՝୊ 6TFS/BNFTQBDF ,FSOFM$BQBCJMJUJFT
TFDDPNQ .BOEBUPSZ"DDFTT$POUSPM 4FSWJDF.FTI ඇಛݖίϯςφ ϋΠύʔόΠβͷར༻

՝୊΁ͷରԠ͸ݶఆత ػೳ໊ ରԠՄೳͳ՝୊ 6TFS/BNFTQBDF ,FSOFM$BQBCJMJUJFT
TFDDPNQ .BOEBUPSZ"DDFTT$POUSPM 4FSWJDF.FTI ඇಛݖίϯςφ ϋΠύʔόΠβͷར༻

ఏҊ͢Δ όϦσʔγϣϯػߏʹ͍ͭͯ

ఏҊ͢Δख๏ wTV&9&$ηΩϡϦςΟϞσϧ ϕʔεͷݕࠪಋೖ wTV&9&$ηΩϡϦςΟϞσϧ "QBDIF)551αʔό͕$(*͋Δ͍͸44*Λ࣮ߦ͢Δࡍʹɺ"QBDIF ࣗମͷϢʔβ*%ͱ͸ҟͳΔϢʔβ*%Ͱ࣮ߦ͢Δࡍʹߟྀ͍ͯ͠Δ Ϟσϧ w ՝୊΁ͷ͞ΒͳΔରԠʹओ؟Λஔ͘ IUUQTIUUQEBQBDIFPSHEPDTKBTVFYFDIUNM

TV&9&$ηΩϡϦςΟϞσϧͱ͸ w·ͣɺTV&9&$ʹ͍ͭͯ "QBDIF VTFSBQBDIF $(*QSPDFTT VTFSVTFS $(*QSPDFTT VTFSVTFS TVFYFDίϚϯυ IPTUGPPFYBNQMFKQ
IPTUCBSFYBNQMFKQ 7JSUVBM)PTU ͝ͱͷઃఆ $(*ͳͲͷ࣮ߦ ͓ޓ͍ʹݖݶ෼཭ γεςϜྖҬ΋ݟ͑ͳ͍ "QBDIFͷઃఆ౳

TV&9&$ηΩϡϦςΟϞσϧ͕ඞཁͳཧ༝ wTFUVTFSJESPPU͞ΕͨόΠφϦΛܦ༝࣮ͯ͠ݱ͍ͯ͠ΔͨΊ "QBDIF VTFSBQBDIF $(*QSPDFTT VTFSVTFS $(*QSPDFTT VTFSVTFS TVFYFDίϚϯυ IPTUGPPFYBNQMFKQ
IPTUCBSFYBNQMFKQ TFUVJE ͳͲΛ࣮ߦ͢ΔͨΊɺ TVFYFDίϚϯυ͸TFUVTFSJESPPU ͞ΕͨόΠφϦͱͳ͍ͬͯΔɻ ඞཁҎ্ͷૢ࡞͕Ͱ͖ͳ͍Α͏ͳ Կ͔͠Βରࡦ͕ඞਢ "QBDIFͷઃఆ౳

ίϯςφΠϕϯτΛड͚औΔલஈαʔϏε wίϯςφʹ͸ɺىಈΠϕϯτΛड͚औΔલஈαʔϏε͕͋Δ w'BTU$POUBJOFSͷOHY@NSVCZɺSVODʹର͢ΔDPOUBJOFSEɺͳͲ /HJOY͸Πϯλʔωοτʹެ։͞ΕΔ ݖݶ΁ͷߟྀ͕ඞཁ ͨͩ͠ɺݖݶ੍ޚ͸ೝূͳͲͰߦ͑Δ

ίϯςφͷલஈϓϩάϥϜͱൺֱ͢Δ wલஈΛOHY@NSVCZͱͨ͠'BTU$POUBJOFSΞʔΩςΫνϟ OHY@NSVCZ VTFSOHJOY ίϯςφ VTFSVTFS ίϯςφ VTFSVTFS IBDPOJXBίϚϯυ IPTUGPPFYBNQMFKQ
IPTUCBSFYBNQMFKQ ίϯςφϛυϧઃఆ౳ )PTUϔομͳͲ͔Β ίϯςφͷ৘ใΛ࡞੒ TFUVJESPPU ͍ͨ͠ͷͰ ରԠ͕ඞཁ 6TFS/BNFTQBDFʹΑΓ ίϯςφ಺Ͱ͸SPPU ݖݶ෼཭ ݖݶ෼཭

TV&9&$ηΩϡϦςΟϞσϧͷৄࡉ wಛ௃ͱͯ͠͸ ඞཁҎ্ͷݖݶɾࢀরΛ༩͑ͳ͍ 6/*9Ϣʔβϕʔε ن໿ʹΑΔ୲อ ෆਖ਼ͳ*%ͳͲ͸ݫ͘͠ݕࠪ

ίϯςφͷىಈϓϩηεʹରԠ͢Δ TV&9&$ͷ༻ޠ ίϯςφͰͷରԠ XSBQQFS ίϯςφϥϯλΠϜ XSBQQFSͷ࣮ߦϢʔβ ίϯςφϥϯλΠϜͷલஈαʔϏε ର৅ͷ$(*౳ ίϯςφͷ1*%ϓϩηε ʢJOJUͱݺͿʣ
ର৅ͱͳΔϢʔβ*% ίϯςφͷJOJU࣮ߦϢʔβ υΩϡϝϯτσΟϨΫτϦ SPPUT

ݩͷ෼ྨΛύλʔϯʹ੔ཧ wόϦσʔγϣϯͱͯ͠બ୒తʹॲཧ͢΂͖΋ͷ ઃఆͱόΠφϦͷΦ΢φʔҰகɺSPPUGTͷҐஔɺJOJUΛ࣮ߦ͢ΔϢʔβ*%ʹؔ ͢Δ੍ݶɺ؀ڥม਺ͷݕࠪͳͲΛߦ͏ʢϧʔϧʣ wΤϥʔͱͯ͠ॲཧ͢΂͖΋ͷ *%ͷଘࡏ֬ೝͳͲக໋తͳ΋ͷ͸ඞͣݕࠪ͢Δʢϧʔϧʣ wίϯςφͷӡ༻ͷੑ্࣭ɺ࣮૷͢΂͖͔Ͳ͏͔ݕ౼͕ඞཁͳ΋ͷ ίϯςφͷػೳͱ୯७ͳରԠؔ܎ʹͳ͍ɾ୯७ରԠΛ͢Δͱӡ༻ͷ໰୊͕ى ͖ͦ͏ͳ΋ͷ͸ࠓճอཹ͢Δʢϧʔϧʣ

࣮૷ͷৄࡉͳํ਑ͳͲิҨ wʮΤϥʔͱͯ͠ॲཧ͢΂͖΋ͷʯͱͨ͠ϧʔϧ͸ద੾ͳΤϥʔϝο ηʔδΛग़͢Α͏ʹ͢Δ wબ୒తʹॲཧ͢΂͖΋ͷʹ͍ͭͯ͸ɺϏϧυ࣌ΦϓγϣϯͰͲͷݕࠪ Λ࣮ࢪ͢Δ͔ΛࢦఆՄೳͱ͢ΔɻΦϓγϣϯ͕ଟ͍΄ͲηΩϡΞ͕ͩ ࡞੒Ͱ͖Δίϯςφʹ੍ݶ͕͋Δɻগͳ͍ͱٯͷੑ࣭ͱͳΔɻ wϏϧυ࣌Φϓγϣϯʹͨ͠ͷ͸ɺ֎෦ͷઃఆͰ͸ڍಈΛม͑ͳ͍όΠ φϦࣗମͷΦϓγϣϯͱ͠ɺ߈ܸͷػձΛݮΒ͢ͱ͍͏ҙਤ

۩ମత࣮૷ wචऀͷ։ൃ͢ΔίϯςφϥϯλΠϜ)BDPOJXBͰॱ࣮࣍૷͢Δ༧ఆ wʮίϯςφϥϯλΠϜͷઃఆϑΝΠϧͱɺίϯςφϥϯλΠϜࣗ਎ͷ Φ΢φʔ͕Ұக͢Δ͔ʯͷݕࠪΛ࣮૷ࡁ w)BDPOJXB͸NSVCZͷϏϧυ%4-  ʢ3VCZ%4-ʣΛར༻Ͱ͖  ॊೈʹϏϧυΦϓγϣϯઃఆՄೳ

·ͱΊ wίϯςφΛར༻ͨ͠ϗεςΟϯά؀ڥͷఏڙʹ͓͍ͯɺ͍͔ͭ͘ߟྀ͢΂͖ ηΩϡϦςΟత՝୊͕͋Δɻ wͦͷ͏ͪɺʮఏڙ͢Δίϯςφࣗମͷىಈ࣌ͷηΩϡϦςΟʯʹؔͯ͠͸ɺ ඇಛݖίϯςφ͕༗ޮͰ͋Δ͕ɺͦͷޮՌΛTV&9&$ͷηΩϡϦςΟϞσ ϧΛϕʔεͱͨ͠όϦσʔγϣϯ͕ΑΓߴΊΔͷͰ͸ͳ͍͔ wҰൠͷ8FCαʔόͷϓϩηεىಈͱίϯςφͷىಈͷҧ͍ʹଈͨ͠ରԠ෇ ͚Λ࣮ͯ͠૷ΛਐΊ͍ͨ

՝୊ɾٞ࿦͍ͨ͠఺

՝୊ w۩ମత࣮૷΁ͷམͱ͠ࠐΈ ͜Ε͸ॱ࣍࡞͍ͬͯ͘͹͔ΓͰ͋Δ wʮ࣮૷͢΂͖͔Ͳ͏͔ݕ౼͕ඞཁͳ΋ͷʯͷݕ౼ ͦ΋ͦ΋࣮૷͠ͳ͍͍ͯ͘ͷ͔ɺक͍ͬͯΔ΋ͷͷΤοηϯε͸Կ͔ wಋೖޙͷ໰୊఺ɺ༗ޮੑͷݕূ ύϑΥʔϚϯεɺ࣮ࡍʹ߈ܸΛ๷͛Δ͔ɺӡ༻ཁ݅Λຬ͔ͨ͢FUD

ٞ࿦͍ͨ͠ͱ͜Ζ TV&9&$ϞσϧΛώϯτʹͨ͜͠ΕΒͷݕࠪ͸ຊ౰ʹηΩϡΞʹͳΔͷ͔ʁ " ίϯςφͷىಈͱҰൠͷ8FCαʔόͷϓϩηεىಈΛൺֱ͍ͯ͠Δ͕ɺ ଥ౰ͳͷ͔Ͳ͏͔ # 'BTU$POUBJOFSͷΑ͏ͳ৔߹ͷΈͳͷ͔ɺҰൠʹ༗ޮͳͷ͔ Ұ෦ɺݩͷϞσϧͰͦͷ··ద༻Ͱ͖ͳͦ͏ͳ΋ͷ͕͋Δͱ࿦͕ͨ͡ɺ 
ͦΕΒͷѻ͍ΛͲ͏͢Δͱྑ͍͔ʁ ӡ༻ʹ৐ͤͨࡍͷޮՌଌఆʹ͸ͲͷΑ͏ͳํ๏͕ߟ͑ΒΕΔ͔ʁ

ࢀߟࢿྉͳͲ w༧ߘIUUQTHJUIVCDPNVE[VSBXTBTHOEESBGUUSFFNBTUFSESBGUSFBENF wࢀߟจݙͷ͏ͪɺεϥΠυͰϦϯΫΛࣔ͞ͳ͔ͬͨ΋ͷʢ࿦จ౳ʣ w ۙ౻͏͓ͪଞ )BDPOJXBϓϩάϥϜʹΑΔɺ૊ΈཱͯՄೳੑͱ֦ுੑΛ࣋ͭ-JOVYίϯςφ ৘ใॲཧֶձୈճ શࠃେձߨԋ࿦จू
w দຊ྄հଞ 'BTU$POUBJOFS8FCΞϓϦέʔγϣϯίϯςφͷঢ়ଶΛϦΞΫςΟϒʹܾఆ͢Δίϯςφ؅ཧΞʔΩς Ϋνϟ ୈճΠϯλʔωοτͱӡ༻ٕज़ݚڀձ w দຊ྄հଞ 8FCαʔόͷߴूੵϚϧνςφϯτΞʔΩςΫνϟͱӡ༻ٕज़ ిࢠ৘ใ௨৴ֶձ࿦จࢽ#ͷ7PMVNF +#/P wλΠτϧը૾͸QJYBCBZDPNΑΓɺQVCMJDEPNBJOͷ΋ͷΛར༻ͨ͠

suEXEC セキュリティモデルをベースにしたコンテナ起動時のバリデーションの提案 / A s...

suEXEC セキュリティモデルをベースにしたコンテナ起動時のバリデーションの提案 / A suEXEC-based validation in containers' startup

KONDO Uchio

More Decks by KONDO Uchio

Other Decks in Technology

Featured

Transcript

6DIJP,POEP(.01FQBCP *OD 84"ݚڀձ TV&9&$ηΩϡϦςΟϞσϧΛ ϕʔεʹͨ͠ίϯςφىಈ࣌ͷ όϦσʔγϣϯͷఏҊ

ΤϯδχΞ ۙ౻Ӊஐ࿕!VE[VSB ٕज़෦ٕज़ج൫νʔϜ

໨࣍ લఏ ίϯςφ؀ڥఏڙͷࡍͷηΩϡϦςΟత՝୊ લఏ ίϯςφʹ·ͭΘΔηΩϡϦςΟػߏͷ੔ཧ

ίϯςφ؀ڥఏڙͷࡍͷ ηΩϡϦςΟత՝୊

8FCαʔϏεఏڙͰͷίϯςφͷར༻ w ಥൃతΞΫηε૿ͳͲ΁ͷରॲͷͨΊɺ8FCαʔϏεͷӡ༻ऀ͸ߴ଎͔ͭॊೈͳϦιʔ ε੍ޚΛ͍ͨ͠ɻ w ٸͳϦιʔε௥Ճ΁ͷରԠɺෆཁͳ࣌͸ݮΒ͢ɺͳͲɻ w ίϯςφ͸ͦͷىಈͷߴ଎͞ͳͲͷੑ࣭͔Βɺͦͷ໨తʹ͓͋ͬͯΓීٴ͕ਐΈͭͭ ͋Δɻ w

ίϯςφఏڙ࣌ͷηΩϡϦςΟత՝୊ ίϯςφͷ಺෦͔ΒɺίϯςφΛϗετ͍ͯ͠Δ਌ͷ04ʹʮ୤ࠈʯ͕Ͱ ͖Δ৔߹ ίϯςφͷ಺෦͔Βɺίϯςφͷ֎෦؀ڥ͕ݟ͑ͨΓૢ࡞Ͱ͖Δ৔߹ ίϯςφͷ಺෦ʹ͍ͭͯɺαʔϏεఏڙऀ͕ҙਤ͠ͳ͍ઃఆมߋ΍ϑΝΠ ϧͷૢ࡞͕Ͱ͖Δ৔߹

ίϯςφͷ಺෦ˠίϯςφͷϗετ w͍ΘΏΔʮ୤ࠈʯ -JOVY/BNFTQBDF DISPPU $POUBJOFST )PTU04 VODISPPUIUUQTHJTUHJUIVCDPN'JMP4PUUJMF ❌ ❓❓ ௨ৗɺίϯςφ಺෦͔Βϗετͷ৘

ίϯςφͷ಺෦ˠݟͤͨ͘ͳ͍֎෦ wωοτϫʔΫ্ͷଞͷϗετ΁ͷΞΫηεɺ௨৴ͷ๣ௌͳͲ B C D E ίϯςφB ͷ؀ڥΛ֎෦ʹఏڙ͢Δ৔߹ɺ B ͔Βݟ͑ͯ͸͍͚ͳ͍ϛυϧ΢ΣΞD

ίϯςφͷ಺෦Λӽݖతʹૢ࡞Ͱ͖Δ wίϯςφ಺෦ͷಛݖΛ༩͍͑ͯͳ͍ͷʹɺϑΝΠϧΛૢ࡞Ͱ͖Δ FUDQBTTXE FUDTIBEPX FUDOHJOYOHJOYDPOG QSPDTZT WBSSVOEPDLFS "$POUBJOFS

ҙਤ͠ͳ͍Φϓγϣϯ౳Ͱίϯςφىಈ wίϯςφͷىಈΛϢʔβͰίϯτϩʔϧͰ͖Δ৔߹͕͋Δ ਖ਼ৗͳઃఆͰىಈ ෆਖ਼ͳઃఆͰىಈɺ ͦͷޙෆਖ਼ͳૢ࡞ ίϯςφͰ͸ͳ͍ ϛυϧͳͲΛ ىಈͤ͞ΒΕΔ ίϯςφىಈͷܖػ ͱͳΔΠϕϯτ

ίϯςφʹ·ͭΘΔ ηΩϡϦςΟػߏͷ੔ཧ

ίϯςφʹؔ͢ΔηΩϡϦςΟػߏ " 6TFS/BNFTQBDF # ,FSOFM$BQBCJMJUJFT $ TFDDPNQ % .BOEBUPSZ"DDFTT$POUSPM &

6TFS/BNFTQBDF wϗετ໊ͳͲͷΑ͏ʹຊདྷ04άϩʔόϧʹଘࡏ͢ΔϦιʔεʹ͍ͭͯ  04಺෦Ͱ໊લۭؒΛ࡞੒͠ɺ  ෳ਺Λଘࡏͤ͞࢖͍෼͚Δ  -JOVY/BNFTQBDF wϢʔβ*%ʹ໊͍ͭͯલۭؒΛ  ࡞ΓɺϗετͷඇSPPUΛ  ίϯςφͷ؅ཧऀʹɻ

,FSOFM$BQBCJMJUJFT wSPPUͷ࣋ͭಛݖΛɺ෼ׂ͠ɺҰ෦Λണୣ͋Δ͍͸෇༩Ͱ͖Δ $"1@$)08/ $"1@,-- $"1@4:4@5.& $"1@4:4@"%./ $"1@/&5@3"8 $"1@/&5@#/%@4&37*$& 5SBEJUJPOBM

TFDDPNQ.BOEBUPSZ"DDFTT$POUSPM wϢʔβͷࠓͷݖݶʹ͔͔ΘΒͣɺҰ෦ૢ࡞Λ੍ݶɾ؂ࠪ͢Δ wTFDDPNQͰ͋Ε͹γεςϜίʔϧɺ."$Ͱ͋Ε͹ϑΝΠϧΞΫηεͳͲ SPPU TFDDPNQͷίϯςΫετ "QQ"SNPSͷϓϩϑΝΠϧ SPPUͷ࡞੒ͨ͠ϓϩηε SPPUͷ࡞੒ͨ͠ϓϩηε ,FSOFM04 γεςϜίʔϧݺग़

3PPUMFTT6OQSJWJMFHFEDPOUBJOFST w όΠφϦࣗମΛTFUVTFSJESPPU͢Δ w -9$ํࣜͷඇಛݖίϯςφʢ6TFS/BNFTQBDFΛར༻ʣ w /55ਢాࢯʹΑΔ3PPUMFTTSVOD΄͔ʢػೳ੍ݶ͋Γʣ

Ґஔ෇͚Δ w՝୊͸ΧʔωϧίϯςφϥϯλΠϜͰखް͘Χόʔ w՝୊͸4FSWJDF.FTIͷਐԽͰ w՝୊͸ඇಛݖίϯςφ͕  ༗ޮ͔

՝୊΁ͷରԠ ػೳ໊ ରԠՄೳͳ՝୊ 6TFS/BNFTQBDF ,FSOFM$BQBCJMJUJFT

՝୊΁ͷରԠ͸ݶఆత ػೳ໊ ରԠՄೳͳ՝୊ 6TFS/BNFTQBDF ,FSOFM$BQBCJMJUJFT

ఏҊ͢Δ όϦσʔγϣϯػߏʹ͍ͭͯ

ఏҊ͢Δख๏ wTV&9&$ηΩϡϦςΟϞσϧ ϕʔεͷݕࠪಋೖ wTV&9&$ηΩϡϦςΟϞσϧ "QBDIF)551αʔό͕$(͋Δ͍͸44Λ࣮ߦ͢Δࡍʹɺ"QBDIF ࣗମͷϢʔβ%ͱ͸ҟͳΔϢʔβ%Ͱ࣮ߦ͢Δࡍʹߟྀ͍ͯ͠Δ Ϟσϧ w ՝୊΁ͷ͞ΒͳΔରԠʹओ؟Λஔ͘ IUUQTIUUQEBQBDIFPSHEPDTKBTVFYFDIUNM

TV&9&$ηΩϡϦςΟϞσϧͱ͸ w·ͣɺTV&9&$ʹ͍ͭͯ "QBDIF VTFSBQBDIF $(QSPDFTT VTFSVTFS $(QSPDFTT VTFSVTFS TVFYFDίϚϯυ IPTUGPPFYBNQMFKQ

TV&9&$ηΩϡϦςΟϞσϧ͕ඞཁͳཧ༝ wTFUVTFSJESPPU͞ΕͨόΠφϦΛܦ༝࣮ͯ͠ݱ͍ͯ͠ΔͨΊ "QBDIF VTFSBQBDIF $(QSPDFTT VTFSVTFS $(QSPDFTT VTFSVTFS TVFYFDίϚϯυ IPTUGPPFYBNQMFKQ

ίϯςφΠϕϯτΛड͚औΔલஈαʔϏε wίϯςφʹ͸ɺىಈΠϕϯτΛड͚औΔલஈαʔϏε͕͋Δ w'BTU$POUBJOFSͷOHY@NSVCZɺSVODʹର͢ΔDPOUBJOFSEɺͳͲ /HJOY͸Πϯλʔωοτʹެ։͞ΕΔ ݖݶ΁ͷߟྀ͕ඞཁ ͨͩ͠ɺݖݶ੍ޚ͸ೝূͳͲͰߦ͑Δ

ίϯςφͷલஈϓϩάϥϜͱൺֱ͢Δ wલஈΛOHY@NSVCZͱͨ͠'BTU$POUBJOFSΞʔΩςΫνϟ OHY@NSVCZ VTFSOHJOY ίϯςφ VTFSVTFS ίϯςφ VTFSVTFS IBDPOJXBίϚϯυ IPTUGPPFYBNQMFKQ

TV&9&$ηΩϡϦςΟϞσϧͷৄࡉ wಛ௃ͱͯ͠͸ ඞཁҎ্ͷݖݶɾࢀরΛ༩͑ͳ͍ 6/9Ϣʔβϕʔε ن໿ʹΑΔ୲อ ෆਖ਼ͳ%ͳͲ͸ݫ͘͠ݕࠪ

ίϯςφͷىಈϓϩηεʹରԠ͢Δ TV&9&$ͷ༻ޠ ίϯςφͰͷରԠ XSBQQFS ίϯςφϥϯλΠϜ XSBQQFSͷ࣮ߦϢʔβ ίϯςφϥϯλΠϜͷલஈαʔϏε ର৅ͷ$(౳ ίϯςφͷ1%ϓϩηε ʢJOJUͱݺͿʣ

۩ମత࣮૷ wචऀͷ։ൃ͢ΔίϯςφϥϯλΠϜ)BDPOJXBͰॱ࣮࣍૷͢Δ༧ఆ wʮίϯςφϥϯλΠϜͷઃఆϑΝΠϧͱɺίϯςφϥϯλΠϜࣗ਎ͷ Φ΢φʔ͕Ұக͢Δ͔ʯͷݕࠪΛ࣮૷ࡁ w)BDPOJXB͸NSVCZͷϏϧυ%4-  ʢ3VCZ%4-ʣΛར༻Ͱ͖  ॊೈʹϏϧυΦϓγϣϯઃఆՄೳ

՝୊ɾٞ࿦͍ͨ͠఺

՝୊ w۩ମత࣮૷΁ͷམͱ͠ࠐΈ ͜Ε͸ॱ࣍࡞͍ͬͯ͘͹͔ΓͰ͋Δ wʮ࣮૷͢΂͖͔Ͳ͏͔ݕ౼͕ඞཁͳ΋ͷʯͷݕ౼ ͦ΋ͦ΋࣮૷͠ͳ͍͍ͯ͘ͷ͔ɺक͍ͬͯΔ΋ͷͷΤοηϯε͸Կ͔ wಋೖޙͷ໰୊఺ɺ༗ޮੑͷݕূ ύϑΥʔϚϯεɺ࣮ࡍʹ߈ܸΛ๷͛Δ͔ɺӡ༻ཁ݅Λຬ͔ͨ͢FUD

ࢀߟࢿྉͳͲ w༧ߘIUUQTHJUIVCDPNVE[VSBXTBTHOEESBGUUSFFNBTUFSESBGUSFBENF wࢀߟจݙͷ͏ͪɺεϥΠυͰϦϯΫΛࣔ͞ͳ͔ͬͨ΋ͷʢ࿦จ౳ʣ w ۙ౻͏͓ͪଞ )BDPOJXBϓϩάϥϜʹΑΔɺ૊ΈཱͯՄೳੑͱ֦ுੑΛ࣋ͭ-JOVYίϯςφ ৘ใॲཧֶձୈճ શࠃେձߨԋ࿦จू