There is probably a good case to be made that setuid is more secure
than a random service that can set up
processes into different cgroups/namespaces, security zones.
setuid allows you to maintain the fork() exec() model, and keep things
simple.
On 05/06/2016 01:49 PM, Muayyad AlSadi wrote:
Why setuid? Why not just do the non-privileged part, then fire a dbus
event to some root service to do the privileged part of adding network
config (and use PolicyKit to validate the request)?
Or a root daemon that does the privileged part of network configuration.
So in summary:
an unprivileged user tool that does every possible thing (except network
configuration);
it then fires a dbus event or a request to a privileged daemon: "please
configure network on this please".
On Fri, May 6, 2016 at 11:59 AM, Karanbir Singh <mail-li...@karan.org> wrote:
On 06/05/16 00:52, Daniel J Walsh wrote:
>
>
> On 05/05/2016 02:10 PM, Josh Berkus wrote:
>>> Currently it is not part of a product and has not had a rigorous
>>> review from a security team. However, I believe our approach
>>> is good, and if anyone wants a peer-reviewed setuid binary
>>> for container features, it's worth considering bubblewrap!
>> So I want to have a "Pop the Bubblewrap" contest which we discussed
>> somewhere else. That is, let's put out a contest for users to try to
>> break through bubblewrap and report the technical issues. We'll have
>> some prizes.
>>
>> I'm happy to run the contest, and RH PR would help publicize it, but I'd
>> need someone to manage it from the technical side.
>>
> I like the idea. We have a security review going on right now with the
> Security Response team. Perhaps we should see where they are with the
> review before we put out the challenge.
>
>
Happy to help promote this from the CentOS side of things as well.
Regards,
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc