On Tue, 30 Jan 2024, tlaro...@kergis.com wrote:
> That something can be written is sure. But I wondered if there was some attempt of some library (in whatever language) or some utility that will "fence" a root user, and will allow, without modifying existing (say, as an example, using pkgsrc compilation and installation procedure), to downgrade root for running and, when hitting the fence (trying to transgress the rights), will consult a list of commands---may be script lines: "make install"---and then respawn the part with updated rights if the commands were listed.
Checking for EPERM or EACCES in a user program (I'm thinking of dtrace here) or in an intercepting library and then becoming root and retrying would be pretty hairy in userspace. Simpler to make use of the kernel-provided features:

1. If you only want to write things as root whilst running as a user, you can use mount_umap(8). But, this 1-to-1 remapping won't work for pkgsrc, I think, where the installed files can have arbitrary users.

2. Extend secmodel_extensions(9) slightly so that you can do something like:

```
# rvp & xyz are to be elevated.
% sysctl -w security.models.extensions.pantheon.uids=$(id -u rvp),$(id -u xyz)
# Go!
% sysctl -w security.models.extensions.pantheon.enable=1
# Kick them out after 1 hour.
% { sleep 3600; sysctl -w security.models.extensions.pantheon.enable=0; } &
% cd /usr/pkgsrc/some/pkg && make install
```
> The question arises when I asked (wanting to write something for my own): OK, but _what_ unprivileged user exists that I can safely "su" to and accomplish the unprivileged part as? "nobody" does not seem the answer; "operator" neither. This opened a can of worm-questions ;-)
I have a `bld' user for this.

-RVP
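The sketch above leaves the window open for the full hour even when `make install` finishes or fails in a minute. Below is an added wrapper (not code from the thread) that closes the window as soon as the command returns, on a signal, or when the watchdog fires, whichever comes first; the `security.models.extensions.pantheon.*` nodes are RVP's hypothetical extension, not existing NetBSD sysctls, and `SYSCTL` can be pointed at a stub for a dry run.

```shell
#!/bin/sh
# Added example (not from the thread): run one command inside a
# privilege window of the "pantheon" extension RVP sketches above.
# The security.models.extensions.pantheon.* nodes are that hypothetical
# proposal, not existing NetBSD sysctls; SYSCTL may point at a stub.

SYSCTL="${SYSCTL:-sysctl}"
PANTHEON=security.models.extensions.pantheon
WINDOW_SECS="${WINDOW_SECS:-3600}"   # hard upper bound, as in the sketch

# Turn user names into the comma-separated uid list the knob expects.
# Fails on the first unknown name so a partial list is never installed.
uid_list() {
    _list=""
    for _u in "$@"; do
        _id=$(id -u "$_u" 2>/dev/null) || return 1
        _list="${_list:+$_list,}$_id"
    done
    printf '%s\n' "$_list"
}

# Disable the window and clear the uid list. Safe to call repeatedly.
close_window() {
    "$SYSCTL" -w "$PANTHEON.enable=0" >/dev/null
    "$SYSCTL" -w "$PANTHEON.uids=" >/dev/null
}

# open_window UIDS CMD...: elevate UIDS, run CMD, then close the window
# as soon as CMD returns (pass or fail), on signal, or when the watchdog
# fires, whichever is first. Returns CMD's exit status.
open_window() {
    _uids=$1; shift
    "$SYSCTL" -w "$PANTHEON.uids=$_uids" >/dev/null
    "$SYSCTL" -w "$PANTHEON.enable=1" >/dev/null
    trap close_window EXIT INT TERM
    { sleep "$WINDOW_SECS"; close_window; } >/dev/null 2>&1 &
    _watchdog=$!
    "$@"; _rc=$?
    kill "$_watchdog" 2>/dev/null || :
    trap - EXIT INT TERM
    close_window
    return "$_rc"
}

# Typical use, as in the sketch: elevate rvp and xyz for one package build.
# open_window "$(uid_list rvp xyz)" sh -c 'cd /usr/pkgsrc/some/pkg && make install'
```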