[Oisf-devel] changing uid
Steve Grubb
sgrubb at redhat.com
Mon Mar 29 12:40:39 UTC 2010
On Monday 29 March 2010 06:47:07 am Victor Julien wrote:
> > Typically the way this is done goes one of 2 ways: Either wait until
> > privileged ops are completed and then drop all capabilities or retain
> > some capabilities. The decision really depends on whether or not the
> > daemon can receive a signal such as sighup that may require it to do
> > privileged ops again. If it does, then you should keep some
> > capabilities. If it does not then you should drop them all.
>
> Using a libcap or libcap-ng approach looks interesting. It seems
> however, that currently Linux dists (at least my Ubuntu 9.10) have
> libcap and no libcap-ng, but the dev versions (like the new Ubuntu and
> Debian) have libcap-ng but no libcap. So essentially we'd have to
> support both?
It's your choice. You could #ifdef it out if the platform does not have it. Or
ask for it to be added to the released repo. I don't know how other Linux
distros work, but on Fedora we can release any new application or library into
a stable OS. I would think other distros can do this, too.
The issue is that it's about 60 lines of code to drop capabilities and change
uid at the same time. It's 3 lines of code using libcap-ng.
> The libcap-ng freshmeat page suggests it only works on Linux. What about
> FreeBSD?
I've never tried it on FreeBSD. But I am willing to take patches for any
platform that configure and automake runs on. :)
-Steve
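
Added example (not part of the original message, and not Suricata or libcap-ng code): the long-hand "retain some capabilities" route from the thread, written against the raw Linux capset interface so it builds without libcap or libcap-ng. The function names and the choice of kept capabilities are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Bit mask for a list of capability numbers terminated by -1. */
static uint64_t cap_mask(const int *caps)
{
    uint64_t m = 0;
    for (; *caps >= 0; caps++)
        m |= (uint64_t)1 << *caps;
    return m;
}

/* Set permitted and effective to `mask`; inheritable is left empty. */
static int set_caps(uint64_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    data[0].effective = data[0].permitted = (uint32_t)mask;
    data[1].effective = data[1].permitted = (uint32_t)(mask >> 32);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Hypothetical helper: become uid/gid while retaining only `keep`.
 * Assumed use: keep = { CAP_NET_RAW, CAP_NET_ADMIN, -1 } for a capture daemon.
 * Returns 0 on success or the negative number of the step that failed. */
int drop_privs_keep(uid_t uid, gid_t gid, const int *keep)
{
    uint64_t mask = cap_mask(keep);
    /* CAP_SETUID/CAP_SETGID are needed until the id switch is done. */
    uint64_t interim = mask | cap_mask((const int[]){ CAP_SETUID, CAP_SETGID, -1 });

    if (set_caps(interim) != 0) return -1;
    /* Without KEEPCAPS the permitted set is cleared when uid leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -2;
    if (setgroups(0, NULL) != 0) return -3;       /* drop supplementary groups */
    if (setgid(gid) != 0) return -4;
    if (setuid(uid) != 0) return -5;
    /* The uid change emptied the effective set: re-raise only `keep`,
     * which also discards CAP_SETUID/CAP_SETGID for good. */
    if (set_caps(mask) != 0) return -6;
    /* Check the drop took: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) return -7;
    return 0;
}
```

The bounding set is left untouched here; a daemon that never execs another program is unaffected by that, one that does should clear it as well.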