[Oisf-devel] changing uid
Victor Julien
victor at inliniac.net
Mon Mar 29 10:47:07 UTC 2010
Steve Grubb wrote:
> On Thursday 11 March 2010 10:20:35 am Will Metcalf wrote:
>> Have not forgotten about your drop privs patch, and we have a bug
>> checked in for the inline functions. We have just been crazy busy. I
>> think the issue with the drop privs patch is that it can't be applied
>> to the NFQUEUE run mode and I will have to test PF_RING and IPFW on
>> FreeBSD, for normal pcap it shouldn't be a problem.
>
> I just wanted to mention that running as root means that you gain access to
> certain capabilities. Without the capabilities, root is just a normal account
> - although still dangerous. It is possible to keep capabilities while changing
> uid. This is done by using the prctl() syscall. To do this with libcap is
> about 60 lines of code. To do this with libcap-ng is 3 lines of code.
>
> Typically the way this is done goes one of 2 ways: Either wait until
> privileged ops are completed and then drop all capabilities or retain some
> capabilities. The decision really depends on whether or not the daemon can
> receive a signal such as sighup that may require it to do privileged ops
> again. If it does, then you should keep some capabilities. If it does not then
> you should drop them all.
Using a libcap or libcap-ng approach looks interesting. It seems,
however, that currently Linux dists (at least my Ubuntu 9.10) have
libcap and no libcap-ng, but the dev versions (like the new Ubuntu and
Debian) have libcap-ng but no libcap. So essentially we'd have to
support both?
The libcap-ng freshmeat page suggests it only works on Linux. What about
FreeBSD?
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
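
The technique described in the quoted text above (keeping capabilities while changing uid through prctl()), as an added example that is not part of the original message or of the project's code. It uses the raw Linux prctl/capset syscalls instead of libcap or libcap-ng, so it is Linux-only; the function names, uid/gid 65534 and the choice of CAP_NET_RAW and CAP_NET_ADMIN are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Turn a 64-bit capability mask into the two 32-bit words capset() expects,
 * with permitted == effective and nothing inheritable. */
void fill_cap_data(uint64_t mask, struct __user_cap_data_struct d[2])
{
    memset(d, 0, 2 * sizeof(d[0]));
    for (int i = 0; i < 2; i++)
        d[i].permitted = d[i].effective = (uint32_t)(mask >> (32 * i));
}

/* Switch to uid/gid and keep only the capabilities in mask.
 * Returns 0 on success, -1 on the first failing step. */
int change_uid_keep_caps(uid_t uid, gid_t gid, uint64_t mask)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct want[2], got[2];

    fill_cap_data(mask, want);
    /* Without this flag, leaving uid 0 clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;          /* gid first, while still root */
    if (setuid(uid) != 0) return -1;          /* sets real, effective, saved */
    /* The uid change emptied the effective set: re-raise only what is
     * needed and discard every other permitted capability. */
    if (syscall(SYS_capset, &h, want) != 0) return -1;
    /* Verify rather than trust: read the sets back and compare. */
    if (syscall(SYS_capget, &h, got) != 0) return -1;
    if (memcmp(want, got, sizeof(want)) != 0) return -1;
    /* Regaining uid 0 must fail (assumes mask excludes CAP_SETUID). */
    return setuid(0) == -1 ? 0 : -1;
}

int main(void)
{
    /* Constructed values: uid/gid 65534 and this mask are assumptions. */
    uint64_t mask = (1ULL << CAP_NET_RAW) | (1ULL << CAP_NET_ADMIN);
    return change_uid_keep_caps(65534, 65534, mask) == 0 ? 0 : 1;
}
```

The program exits non-zero when it is not started as root or when the requested capabilities are missing from the permitted set, for example inside a container with a reduced bounding set.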