[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: init scripts and su



In article <200407261453.56729.russell@coker.com.au>,
Russell Coker  <russell@coker.com.au> wrote:
>The start scripts for some daemons do "su - user" or use
>"start-stop-daemon -c" to launch the daemon, postgresql is one example.
>
>During the time between the daemon launch and it closing it's file handles and 
>calling setsid(2) (which some daemons don't do because they are buggy) any 
>other code running in the same UID could take over the process via ptrace, 
>fork off a child process that inherits the administrator tty, and then stuff 
>characters into the keyboard buffer with ioctl(fd,TIOCSTI,&c) (*).
>
>To address these issues for Fedora I have written a program named init_su.
>
>init_su closes all file handles other than 1 and 2 (stdout and stderr).  File
>handles 1 and 2 are fstat()'d, if they are regular files or pipes then they
>are left open (no attack is possible through a file or pipe), otherwise they
>are closed and /dev/null is opened instead.  /dev/null is opened for file
>handle 0 regardless of what it might have pointed to previously.  Then
>setsid() is called to create a new session for the process (make it a group
>leader), this invalidates /dev/tty.  Then the uid is changed and the daemon
>is started.

The problem is, if the daemon fails to initialize, say there's
a typo in the config file, it won't be able to print this
fact to the tty.

You probably should attach stdout/stderr to a pipe or pseudo-tty,
fork off the daemon, and poll() the pipe/pseudo-tty writing all
output to stdout, until the child dies (actually, daemonizes).

If you use a pseudo-tty you can invalidate the tty filehandle
in the parent just before exiting so that no resources are held
by the daemon.

Still it should be optional somehow since I have a similar idea
as a replacement for bootlogd. Perhaps an environment
variable called INIT_SU_TRANSPARANT or somesuch.

Mike.
-- 
The question is, what is a "manamanap".
The question is, who cares ?



Reply to: