On Wed, Oct 19, 2016 at 09:33:14AM -0200, Henrique de Moraes Holschuh wrote:
> On Wed, Oct 19, 2016, at 06:56, Jan Mojzis wrote:
> > > I read manpage on github, but did not understand, what exactly this
> > > program provides. Can it replace creation system users for dropping
> > > privileges?
> >
> > It doesn't create users.
> > It only drops privileges (extremesetuidgid) or sets $UID/$GID env.
> > variables (extremeenvuidgid).
> >
> > For example:
> > extremesetuidgid -b 100000 sleep 1
> >
> > runs command 'sleep 1' under unprivileged uid/gid (computed getpid()
> > +100000)
> > e.g. for:
> > pid=10 ... uid=gid=100010
> > pid=11 ... uid=gid=100011
> > pid=12 ... uid=gid=100011
>
> I am just wondering why is it called "extreme"?

"extremely outdated"?

This sounds like a hack from ~ 20 years ago when people realized that
running several programs at the same time as nobody does not isolate
them from each other.

Much better solutions for restricting what a process can or cannot do
are now available.

> It looks more like a functionality related to "exclusive" guid/uid,
> instead...

20 years ago such a hack would at least have ensured that every process
has a unique uid.

Even this is no longer true.

tinysshd [1] is another worrisome example.

Writing an own "tiny" sshd from scratch, and the result is not even
smaller than the dropbear everyone else uses for that purpose.

To make the NIH complete, it uses own versions of standard C library
string functions and an own (pretty primitive) build system.

cu
Adrian

[1] thank god only in experimental so far

--

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed