
Re: unowned processes and who controls them (was: Re: passwd entry for uid -1



Quoth Niels Möller: 

> Now, you start the ftpd with something like
> 
>   rmauth /real/ftpd </your/capabilities/server
> 
> There may be some better way to create and inherit the port than to
> bind it to the stdin fd.

Would opening the port in the beginning of main() before doing something
like rmauth(getpid()) count as a better way?

It seems to me, though, that the changes needed to make an already
existing program use this could be quite intrusive?

In comparison, I have here a patch for ntpd that:

1. changes UID from root to ntp keeping all privileges
2. drops all privileges except the one for opening low ports and the
   one for setting system time.
3. runs the rest of the program perfectly, and completely unmodified.

(and I'm not even a half-good C programmer ;)

With your proposed solution, I figure you would need to change all the
places in the file that are doing something privileged from using their
current function calls to sending commands through the pre-opened
fd/port. (changes in glibc could beautify this _very_ much in the actual
program, though.)

Oystein
-- 
Ebg13 arire tbrf bhg bs fglyr..
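
Steps 1 and 2 of the ntpd patch described above could look like the following. This is an added example, not part of the original post and not the patch itself. It assumes Linux capabilities (the post does not name the mechanism); `drop_to_user`, `kept_caps`, `build_caps` and the uid/gid 123 are hypothetical.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* The two privileges the post keeps: bind low ports, set the clock. */
static unsigned int kept_caps(void) {
    return (1u << CAP_NET_BIND_SERVICE) | (1u << CAP_SYS_TIME);
}

/* Fill the kernel's capset(2) structs: only `mask`, nothing inheritable. */
static void build_caps(struct __user_cap_header_struct *h,
                       struct __user_cap_data_struct d[2], unsigned int mask) {
    memset(h, 0, sizeof *h);
    memset(d, 0, 2 * sizeof d[0]);
    h->version = _LINUX_CAPABILITY_VERSION_3;  /* pid 0 = calling thread */
    d[0].permitted = d[0].effective = mask;    /* both caps are below bit 32 */
}

/* Returns 0 on success, or a negative code naming the step that failed. */
int drop_to_user(uid_t uid, gid_t gid) {
    struct __user_cap_header_struct h;
    struct __user_cap_data_struct d[2];

    if (uid == 0) return -1;                       /* dropping to root is no drop */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L)) return -2;  /* keep permitted set */
    if (setgroups(1, &gid) || setgid(gid)) return -3;       /* groups before uid */
    if (setuid(uid)) return -4;                    /* step 1: root -> service uid */
    build_caps(&h, d, kept_caps());
    if (syscall(SYS_capset, &h, d)) return -5;     /* step 2: drop everything else */
    if (setuid(0) == 0) return -6;                 /* must not be able to go back */
    return 0;
}

int main(void) {
    /* 123 is a constructed uid/gid standing in for the ntp account; run as root. */
    int rc = drop_to_user(123, 123);
    printf("drop_to_user -> %d\n", rc);
    return rc ? 1 : 0;
}
```

Called once early in `main()`, this leaves the rest of the daemon (step 3) running unmodified, which is the low-intrusion property the post contrasts with routing privileged calls through a pre-opened fd.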


