Hi Edward,

On 11/23/21 10:22 PM, Edward Bartolo via Dng wrote:
> Dear Aitor,
> There are no hard feelings from me, notwithstanding my project is now
> defunct. I would like to thank you for adopting it in your own way to
> modernise it so that it can be secure and enjoyed by everyone.
> Sincerely, thanks for all your time and dedication. Thanks to Devuan,
> I am using what was known as Debian without the burden of systemd.

You gave me the base to work upon. Didier Kryn also gave me some good ideas
working on hopman that have been really useful for simple-netaid.


> As you clearly indicate, the old version uses an SUID executable to
> get root privileges which is a security hole which Devuan did very
> well to close, even though it broke my latest version of
> simple-netaid-*. In my limited use case, I worked around the breakage
> by removing the GUI component and using only the backend as root. It
> works in my case, but other users may require more functionality,
> which thanks to people like you, they can have. Sincerely, THANKS for
> your time and effort.

Now the shared library sends a signal to the daemon as a reminder
for client connection requests to be listened to on the server socket.
The cap_kill linux capability allows the shared library to send this signal
to the daemon (a process running with root privileges) and be successful.
And last the daemon gets the credentials from the received data before
going ahead with the task requested. Have a look at read_arguments() in
snetaid (lines 1056 - 1156):

https://gitea.devuan.dev/aitor_czr/snetaid/src/branch/master/src/main.c

> Regarding the idea of importing functionality from your libraries to
> let my latest version of simple-netaid-* connect without the
> requirement of an SUID tag, although it can be done, there is no need
> for Devuan, as users can already use your project.

I'm a bit stubborn, though :)

Cheers,

Aitor.



_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng