On Sat, Sep 09, 2006 at 04:37:25PM +0200, Yannick Lecaillez wrote:
> Patrice Dumas wrote:
> Yeah, you're right. root privilege will be required for creating the kdbd
> socket in a more conventional place than the current one (/tmp/elektra.sock)

Not necessarily. If, say, /var/elektra is owned by elektra.elektra, the
socket could be opened there. Would be much better than in /tmp, where there
is furthermore a possible symlink attack.

> > and regain root privileges only when needed,
> > that is when accessing a file (or a db) which is not readable/writable
> > by the elektra.elektra user.
>
> My idea is to make all these files or db r/w to elektra user. This way,

That's not necessarily a good idea. It would seem more logical to have
these files rw to the corresponding user, such that he can modify them
without going through the daemon.

> kdbd could run all the time as elektra.elektra and we're sure kdbd will
> "never" permit users to gain root. But sure, if someone succeeds to

Indeed, that would be the gain. But since elektra could be used for any
kind of configuration it should certainly be more relevant to let the
relevant db be owned by the user. If this is owned by the user, then indeed
it requires a careful design since it is required to be able to become
root at some point, to be able to change uid to the user uid, and the
processes must also be able to talk to each other. Not easy.

> > It even seems to me that it would make sense to
> > drop privileges even when called directly from libelektra, say in the
> > filesys backend.
>
> Sorry, I didn't get your point. Could you give some more details please?

No, this was a mistake of mine. In fact filesys cannot be easily used from
within the kdbd process since it would involve changing uid from within the
filesys code which seems wrong.

--
Pat
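One way to do what Pat suggests above, binding the daemon socket inside a directory owned by the daemon's own user instead of in world-writable /tmp, is shown in this added C example; it is not Elektra's kdbd code, and the directory name, socket name and the /tmp-based self-test path are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Listen on a Unix socket at dir/name only if dir is a real directory (not a
 * symlink), owned by `owner` and not world-writable, so nobody else can plant
 * a link at the socket name; a shared 1777 directory such as /tmp is refused.
 * Assumes the path components above dir are root-owned. Returns fd or -1. */
int bind_socket_in_owned_dir(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int sfd, dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;
    if (fstat(dfd, &st) < 0 || st.st_uid != owner || (st.st_mode & S_IWOTH)) {
        close(dfd);
        errno = EACCES;                  /* wrong owner or world-writable */
        return -1;
    }
    close(dfd);
    if (snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, name)
            >= (int)sizeof sa.sun_path)
        return -1;                       /* path does not fit sun_path */
    if ((sfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    /* bind() creates the node; a stale or planted file there gives EADDRINUSE */
    if (bind(sfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(sfd, 8) < 0) {
        close(sfd);
        return -1;
    }
    return sfd;
}

/* Self-check on a constructed directory: a fresh 0700 directory is accepted,
 * the same directory made world-writable is refused. Returns 1 on success. */
int owned_dir_selftest(void)
{
    char dir[] = "/tmp/elektra-demo-XXXXXX", path[64];
    int fd, ok;
    if (!mkdtemp(dir)) return 0;         /* created 0700, owned by us */
    fd = bind_socket_in_owned_dir(dir, "sock", getuid());
    ok = fd >= 0 && close(fd) == 0 && chmod(dir, 0777) == 0
         && bind_socket_in_owned_dir(dir, "sock2", getuid()) == -1;
    snprintf(path, sizeof path, "%s/sock", dir);
    unlink(path);
    rmdir(dir);
    return ok;
}
```

The owner check is done on the opened directory descriptor, so a symlink at the directory path is rejected before anything is created; the remaining race is on the parent path, which is why it must be root-owned.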
_______________________________________________
Registry-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/registry-list
