[Oisf-devel] changing uid
Steve Grubb
sgrubb at redhat.com
Fri Mar 12 14:38:43 UTC 2010
On Thursday 11 March 2010 10:20:35 am Will Metcalf wrote:
> Have not forgotten about your drop privs patch, and we have a bug
> checked in for the inline functions. We have just been crazy busy. I
> think the issue with the drop privs patch is that it can't be applied
> to the NFQUEUE run mode and I will have to test PF_RING and IPFW on
> FreeBSD, for normal pcap it shouldn't be a problem.
I just wanted to mention that running as root means that you gain access to
certain capabilities. Without the capabilities, root is just a normal account
- although still dangerous. It is possible to keep capabilities while changing
uid. This is done by using the prctl() syscall. To do this with libcap is
about 60 lines of code. To do this with libcap-ng is 3 lines of code.

Typically the way this is done goes one of 2 ways: either wait until
privileged ops are completed and then drop all capabilities, or retain some
capabilities. The decision really depends on whether or not the daemon can
receive a signal such as SIGHUP that may require it to do privileged ops
again. If it does, then you should keep some capabilities. If it does not, then
you should drop them all.
-Steve
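
Added example, not part of the original message and not code from the poster or the project: the prctl() sequence described above, written against the raw Linux capget/capset syscalls so it needs neither libcap nor libcap-ng. The function names, the uid/gid 65534 and the choice of CAP_NET_RAW and CAP_NET_ADMIN are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Set permitted and effective to mask (bit n = capability n); inheritable is cleared. */
int set_caps(uint64_t mask) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    for (int i = 0; i < 2; i++)
        d[i].permitted = d[i].effective = (uint32_t)(mask >> (32 * i));
    return (int)syscall(SYS_capset, &hdr, d);
}

/* Effective set as a bit mask, or UINT64_MAX if capget fails. */
uint64_t effective_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    if (syscall(SYS_capget, &hdr, d) != 0) return UINT64_MAX;
    return ((uint64_t)d[1].effective << 32) | d[0].effective;
}

/* Leave root for uid/gid (hypothetical helper) but keep only the capabilities in keep. */
int change_id_keep_caps(uid_t uid, gid_t gid, uint64_t keep) {
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    /* Without this flag the kernel clears the capability sets when the uids leave 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setresgid(gid, gid, gid) != 0 ||
        setresuid(uid, uid, uid) != 0) return -1;
    /* Permitted survived, effective was cleared: shrink permitted and re-raise effective. */
    if (set_caps(keep) != 0) return -1;
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0) return -1;
    /* Unless CAP_SETUID was kept on purpose, getting root back must fail. */
    if (!(keep & (1ULL << CAP_SETUID)) && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void) {
    /* Assumed values: uid/gid 65534 and two capture-related capabilities. */
    uint64_t keep = (1ULL << CAP_NET_RAW) | (1ULL << CAP_NET_ADMIN);
    if (change_id_keep_caps(65534, 65534, keep) != 0) { perror("drop"); return 1; }
    printf("uid=%d effective=0x%llx\n", (int)getuid(), (unsigned long long)effective_caps());
    return 0;
}
```

Passing a keep mask of 0 gives the other variant from the message, where every capability is dropped once the privileged operations are done.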