[2016-12-19 09:04] Russ Allbery <r...@debian.org>
>
> Dmitry Bogatov <kact...@gnu.org> writes:
>
> > After all, leftover system user is just one extra line in /etc/passwd
> > and one more wasted UID, but we have ~32k of them.
>
> Er, no, we have 900 of them.  Maybe 1433 of them if we steal 65000-65533.
> Anywhere else will run into the UID space reserved for the local
> administrator, which would cause serious problems.
>
> Given that, I do think something like this would be a good idea if all the
> tricky implementation details can be worked out.

You are right. But what are we going to do anyway in case a user
installs 901 different daemons? It seems that the approach of system users
does not scale at all.

Just a thought: `setuid(2)' accepts uid_t, which is 32 bit on my 64-bit
system. So it is probably possible to run a process isolated without creating
an entry in /etc/passwd? Here is a little C program:

        #include <sys/types.h>
        #include <unistd.h>
        #include <stdio.h>

        int
        main(void)
        {
                /* Print the width of uid_t, then try to become a UID that has
                 * no /etc/passwd entry and park the process so it can be
                 * inspected (ps, /proc/PID/status). */
                printf("%d\n", (int)(sizeof(uid_t)));
                if (setuid(100000) == -1) {
                        perror("setuid");
                        return 1;
                }
                sleep(1000);
                return 0;
        }

Will it misbehave on kernels or architectures other than x86_64 GNU/Linux?

If it is okay, then let's consider why system users are usually used. As
far as I understand, to run some process and

 - protect it from other processes
 - protect other processes from it
 - not allow it to write files it does not need
 - not allow it to read files it does not need

setuid(BIG_INT) is fine for solving the first two tasks. For the third we can do
the following:

        $ setuid $BIG_INT my-daemon <<EOF
        /var/log/my-daemon.log
        /var/spool/my-data.log
        EOF

setuid will touch these files as root, chown them to $BIG_INT, run the daemon
as setuid($BIG_INT) and, when it dies, chown the files back to root. This way
there is no need to assign any specific number to the daemon; the question is
just acquiring a number not occupied right now.

We can do a similar thing with files meant to be read. What do you think?
This way we can save some of the 900 system users for cases where we can't
know in advance the list of files that need to be readable/writeable.

--
X-Web-Site: https://sinsekvu.github.io | Note that I process my email in batch,
Accept-Languages: eo,ru,en             | at most once every 24 hours. If matter
Accept: text/plain, text/x-diff        | is urgent, you have my phone number.
