Re: unowned processes and who controls them (was: Re: passwd entry for uid -1

To: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Cc: Robert Bihlmeyer <robbe@orcus.priv.at>, debian-hurd@lists.debian.org
Subject: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
From: Oystein Viggen <oysteivi@tihlde.org>
Date: 05 Jun 2001 21:41:22 +0200
Message-id: <[🔎] 0366ea90kd.fsf@colargol.tihlde.org>
In-reply-to: <[🔎] 20010605211922.B14341@212.23.136.22>
References: <[🔎] 20010602214206.BF65699306@perdition.linnaean.org> <[🔎] 20010603205104.D4223@212.23.136.22> <[🔎] 87wv6s5pj4.fsf@orcus.priv.at> <[🔎] 20010604215026.D1366@212.23.136.22> <[🔎] 87y9r7knna.fsf@orcus.priv.at> <[🔎] 20010605173251.A5365@212.23.136.22> <[🔎] 03itia9axu.fsf@colargol.tihlde.org> <[🔎] 20010605183437.B5365@212.23.136.22> <[🔎] 03elsy92bg.fsf@colargol.tihlde.org> <[🔎] 20010605211922.B14341@212.23.136.22>

Quoth Marcus Brinkmann: 

> I thought about first opening a socket and bind to it, then drop uids.
> That's not so good as running without any ids in the first place, but
> better than keeping those uids around, isn't it?

If you're talking about sockets as in TCP/IP networking, this is good
enough for a webserver and other simple protocols, but for an ftp-server
wanting to support active ftp, this won't work.

Also, without some proper filesystem support for this, there will be
problems for all services actually wanting to store something on disk.
I thought for a moment about how you could run BIND uid-less, until I
came to think of the problems you would have the _second_ time you
wanted to do a zone xfer.

Perhaps unique filesystem namespaces for each process / login group
would be a way to work around this problem.

Oystein
-- 
This message was generated by a flock of happy penguins.

Reply to:

Follow-Ups:
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>

References:
- Re: passwd entry for uid -1
  - From: Roland McGrath <roland@frob.com>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>
- unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>

Prev by Date: Re: and now ?
Next by Date: Re: Easy Guide feedback
Previous by thread: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Next by thread: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Index(es):
- Date
- Thread