Re: init scripts and su
On Thu, 29 Jul 2004 18:14, "Miquel van Smoorenburg" <miquels@cistron.nl>
wrote:
> >> Perhaps start-stop-daemon should have a command line option that
> >> makes it fork() and setsid() (--setsid ?)
> >
> >Why would it ever be desirable to not have start-stop-daemon call
> > setsid()?
>
> Don't know .. you have to do an extra fork() (and wait() for it) in
> start-stop-daemon, so it might be a tad slower (a ms at most).

I don't think that an extra fork() is required.

In the usual operation of start-stop-daemon it is called from a script which
waits for it to end, therefore it is not the process group leader and
setsid() will succeed without a fork.

Is there any situation in which setsid() can fail, but in which stuffing input
into /dev/tty will allow it to be received by another process?

> There are also people using start-stop-daemon for all other kinds
> of things, as replacement for 'su' (--start --chuid xx --exec /bla/bla)
> and doing setsid() might break those applications .. but you could
> argue that setsid should be used esp. in the --chuid case

Yes! chuid is exactly where it's needed.

> >I think that we should just have start-stop-daemon call setsid()
> > regardless.
>
> An unconditional change would have to go in after sarge, in case
> it breaks something .. it needs a long period of testing I think.

I guess so, I wasn't expecting it to go in immediately. We can easily produce
a back-port for people who want secure systems.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
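
The setsid() behaviour discussed in this message, as an added example that is not part of the original mail and not start-stop-daemon code: a process that is not a process group leader can call setsid() directly and afterwards has no controlling terminal, while a process group leader gets EPERM. The function names and result codes are assumptions made for the illustration, and the fork() stands in for the init script's shell launching the program.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in the child. Result codes (hypothetical, for this example only):
 * 0 = setsid() succeeded and /dev/tty can no longer be opened,
 * 1 = setsid() refused with EPERM (caller is a process group leader),
 * 2 = anything else. */
static int child_try_setsid(int make_leader)
{
    /* Optionally become a process group leader first, as a program
     * started directly by a job-control shell would be. */
    if (make_leader && setpgid(0, 0) != 0)
        return 2;
    if (setsid() == (pid_t)-1)
        return errno == EPERM ? 1 : 2;
    /* New session, no controlling terminal: opening /dev/tty must fail. */
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd >= 0) {
        close(fd);
        return 2;
    }
    return 0;
}

/* The fork() models the script's shell spawning the program. */
int setsid_outcome(int make_leader)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_try_setsid(make_leader));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("child of a waiting script: %d\n", setsid_outcome(0));
    printf("process group leader:      %d\n", setsid_outcome(1));
    return 0;
}
```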