Re: unowned processes and who controls them (was: Re: passwd entry for uid -1

To: Robert Bihlmeyer <robbe@orcus.priv.at>
Cc: debian-hurd@lists.debian.org
Subject: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Date: Wed, 6 Jun 2001 05:13:14 +0200
Message-id: <[🔎] 20010606051313.A707@212.23.136.22>
In-reply-to: <[🔎] 87lmn6lkty.fsf@orcus.priv.at>
References: <[🔎] 20010602214206.BF65699306@perdition.linnaean.org> <[🔎] 20010603205104.D4223@212.23.136.22> <[🔎] 87wv6s5pj4.fsf@orcus.priv.at> <[🔎] 20010604215026.D1366@212.23.136.22> <[🔎] 87y9r7knna.fsf@orcus.priv.at> <[🔎] 20010605173251.A5365@212.23.136.22> <[🔎] 03itia9axu.fsf@colargol.tihlde.org> <[🔎] 20010605183437.B5365@212.23.136.22> <[🔎] 87lmn6lkty.fsf@orcus.priv.at>

On Tue, Jun 05, 2001 at 10:42:49PM +0200, Robert Bihlmeyer wrote:
> Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:
> 
> > Anyway, the code is there, but processes started at boot time are not in
> > different login groups, I think.  You would want them to be there, though.
> > In fact, I think you would loose all security at the login shell if there
> > were processes without owner started at boot time, as login groups are only
> > created after a login.
> 
> Is that stuff in a special login group, or no login group at all?

I don't know.  It should be easy to find out by running a small program
printing getlogin() in the boot scripts.

But it seems that all login shells run in different login groups (all named
"login", but the name is not what matters). So I don't think you have access
to the root programs through the login shell.

> Anyway, it should be possible to put those jobs each in a differnt
> group easily. We're root, then, after all.

Of course.  A very short program could serve as a launcher application, to
fork off a daemon in a new login group, and strip all uids from it.

> Don't forget that already owned capabilities (mainly open file
> handles -- what about other port rights??)

If you have authenticated yourself, you stay authenticated until a
reauthentication is performed.  The server keeps track of the uids as
provided by the hand shake.

> should also stay available.

Yes.

Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de

Reply to:

References:
- Re: passwd entry for uid -1
  - From: Roland McGrath <roland@frob.com>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>
- unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>

Prev by Date: Re: Easy Guide feedback
Next by Date: Re: Project Suggestions
Previous by thread: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Next by thread: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Index(es):
- Date
- Thread