[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: /var/run/directory/



On Sun, 2004-10-03 at 10:37 -0700, Steve G wrote:

> OK, this sounds like just changing where a daemon writes the pid file instead of
> re-writing the code so fchown isn't called. Good.

Right.

> >> There are only 3 daemons that I can think of that need to be root: 
> >>sshd, xinetd, crond. 
> >
> >It can be a very significant amount of work to change a daemon to run as
> >non-root, like dhcpcd.  
> 
> Right. However, I think in the long term, you want to get as many converted as
> possible. That adds 1 more layer of protection just in case someone figures out a
> hole in se linux.

True.  But you have to weigh the effort involved in that versus other
security threats, and I don't think in a lot of these cases it's worth
it.

> >There's still the general problem with discretionary access control here
> >too - A simple misconfiguration in for one of the daemons before it
> >drops root privileges could cause it to overwrite the pid file for
> >another daemon, violating the system security policy.
> 
> I haven't seen this, you'd have to code an exploit just for it.

I'm not talking about an exploit; a system administrator could
accidentally overwrite e.g. the <pidfile> section
of /etc/dbus/system.conf when pasting in configuration from elsewhere.
SELinux will prevent the configuration error from damaging the rest of
the system.

> I'm not against the proposal. I think it helps. I just want to try to air some of
> the details so more people understand what's be proposed.

Makes sense.

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]