On Wed, 18 May 2016, John Crispin wrote:
> On 18/05/2016 08:08, David Lang wrote:
>> On Wed, 18 May 2016, John Crispin wrote:
>>> Hi,
>>> we had previously started building the infra for running stuff as !root.
>>> so far we have added
>>> * the userid/gid stuff
>>> * acl on ubus
>>> things that i know are missing
>>> * handling network ports < 1024
>>> what am i missing ? can anyone think of other issues we need to address
>>> before we change uid to !root ?
>> what things are you trying to run as !root?
> services and daemons obviously
>> just changing everything to run as user lede (uid 1) instead of root
>> (uid 0) doesn't actually buy much, especially if user lede is able to
>> administer things https://xkcd.com/1200/
>> you want to end up running different types of things as different users,
>> and there the permissions get more 'interesting'
> thanks for the pointer, that was totally not obvious at all ...
>> there is a capability you can give to binaries to let them bind to ports
>> < 1024, there is also a proc setting you can use to let anything bind to
>> ports < 1024.
> ok, there had been some discussion about building a super daemon that
> runs, then ld-preloading bind() and co and using ubus to transport
> sockets around. using caps or /proc sounds like a good in between until
> such a daemon exists
>> There are various other things that will require capabilities to work
>> (including some versions of ping and traceroute), but it's a matter of
>> fixing them as you bump into them.
> yes, but i'll try those on my journey.
>> don't try to make everything run as the same !root user, migrate things
>> one (or at least one category) at a time.
> thanks for the pointer, that was totally not obvious at all ...
I've seen a lot of professional security people fall into these traps, they
aren't obvious to everyone.
David Lang
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
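
An added example, not part of the thread and not LEDE code: a small audit of which services could bind a port below 1024 once they no longer run as root, based on the effective capability mask in `/proc/<pid>/status`. The service names and status excerpts are constructed, and `unpriv_port_start` assumes the proc setting mentioned above is `net.ipv4.ip_unprivileged_port_start`, which only newer kernels provide.

```python
import re

CAP_NET_BIND_SERVICE = 10  # bit number from <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (sample data, not from the thread).
SAMPLES = {
    "httpd-as-root": "Name:\thttpd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n",
    "httpd-no-caps": "Name:\thttpd\nUid:\t1\t1\t1\t1\nCapEff:\t0000000000000000\n",
    "httpd-bind-cap": "Name:\thttpd\nUid:\t1\t1\t1\t1\nCapEff:\t0000000000000400\n",
}

def parse_status(text):
    """Return (effective uid, effective capability mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.MULTILINE)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.MULTILINE)
    if uid is None or cap is None:
        raise ValueError("status text lacks Uid or CapEff")
    return int(uid.group(1)), int(cap.group(1), 16)

def can_bind(port, text, unpriv_port_start=1024):
    """True if the kernel would allow this process to bind `port`."""
    _, caps = parse_status(text)
    if port >= unpriv_port_start:
        return True  # port is outside the privileged range
    return bool(caps >> CAP_NET_BIND_SERVICE & 1)

def extra_caps(text):
    """Capability bits held beyond CAP_NET_BIND_SERVICE (0 = least privilege)."""
    _, caps = parse_status(text)
    return caps & ~(1 << CAP_NET_BIND_SERVICE)

def audit(samples, port, unpriv_port_start=1024):
    """Map each service to 'blocked', 'ok' or 'over-privileged'."""
    report = {}
    for name, text in samples.items():
        if not can_bind(port, text, unpriv_port_start):
            report[name] = "blocked"
        elif extra_caps(text):
            report[name] = "over-privileged"
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    print(audit(SAMPLES, 80))
```

Lowering `unpriv_port_start` unblocks every user on the system at once, whereas the capability is granted per binary, which is the difference between the two options named in the thread.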