[Oisf-devel] changing uid
Will Metcalf
william.metcalf at gmail.com
Fri Mar 12 15:54:44 UTC 2010
Opening a feature request for this. Attaching your original patch and
comments you made here.
https://redmine.openinfosecfoundation.org/issues/show/119
Regards,
Will
On Fri, Mar 12, 2010 at 8:38 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday 11 March 2010 10:20:35 am Will Metcalf wrote:
>> Have not forgotten about your drop privs patch, and we have a bug
>> checked in for the inline functions. We have just been crazy busy. I
>> think the issue with the drop privs patch is that it can't be applied
>> to the NFQUEUE run mode and I will have to test PF_RING and IPFW on
>> FreeBSD, for normal pcap it shouldn't be a problem.
>
> I just wanted to mention that running as root means that you gain access to
> certain capabilities. Without the capabilities, root is just a normal account
> - although still dangerous. It is possible to keep capabilities while changing
> uid. This is done by using the prctl() syscall. To do this with libcap is
> about 60 lines of code. To do this with libcap-ng is 3 lines of code.
>
> Typically the way this is done goes one of 2 ways: Either wait until
> privileged ops are completed and then drop all capabilities or retain some
> capabilities. The decision really depends on whether or not the daemon can
> receive a signal such as sighup that may require it to do privileged ops
> again. If it does, then you should keep some capabilities. If it does not then
> you should drop them all.
>
> -Steve
>