On Tuesday, June 5, 2012 at 20:44 PM, Joshua Harlow wrote:

> Re: [Openstack] Question on nova disk injection... Interesting, darn, that
> sorta makes it harder than it seems like it should be.
>
> Is there any pattern that we can follow for this that other programs use? Do
> most other programs shell out as root, and expect their command sets to be
> restricted? Do other similar programs just assume that they are running as a
> user that won't need to be restricted? Java seems like it would have the same
> issue, but of course it's threaded. Is there any similar concept there of
> temporarily escalating privileges for a thread, performing some action, then
> reducing privileges?
The modern pattern is to use forks and IPC.

I've located a whitepaper on how it is handled in OpenSSH:
http://www.citi.umich.edu/u/provos/papers/privsep.pdf

> I wonder if eventlet could support something like this (or be modified to?). 
> Anyone else know other ways of doing this that might be useful? The 
> suggestions that involve RPC being one way.  
Eventlet cannot support what you want to do. Even if we abused greenthreads in 
a way where they wouldn't switch during the execution of privileged code, and 
ran within a single Python process, we would be limited to using seteuid, 
rather than setuid to lower privileges. The difference is that with seteuid, 
privileges can be restored.  That isn't to say that wouldn't work, but OpenSSH 
had reasons to move to an IPC approach… http://lwn.net/Vulnerabilities/3290/  

Regards,
Eric Windisch
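As an added illustration of the fork-and-IPC pattern Eric describes (this is example code written for this page, not code from the thread, from Nova or from OpenSSH): a privileged parent forks a worker, the worker drops root permanently with setuid(2) and from then on can only ask the parent to perform operations from a fixed allowlist over a socketpair. The operation names ("euid", "sysname"), the length-prefixed JSON framing and the unprivileged UID/GID 65534 are assumptions chosen for the example. The privilege-dropping and seteuid checks are no-ops when the script is not running as root, so it runs anywhere; the irreversibility check only exercises when started as root.

```python
import json
import os
import socket
import struct

# Assumed unprivileged identity for the worker (nobody/nogroup on many systems).
UNPRIV_UID = 65534
UNPRIV_GID = 65534

# Allowlist of operations the privileged parent will perform for the worker.
# Each entry: (callable, set of permitted argument names). Hypothetical names.
PRIVILEGED_OPS = {
    "euid": (lambda: os.geteuid(), set()),
    "sysname": (lambda: os.uname().sysname, set()),
}


def send_msg(sock, obj):
    """Frame a JSON message with a 4-byte big-endian length prefix."""
    data = json.dumps(obj).encode("utf-8")
    sock.sendall(struct.pack("!I", len(data)) + data)


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None  # peer closed
        buf += chunk
    return buf


def recv_msg(sock, max_len=64 * 1024):
    """Read one framed message; None on EOF. Bounded to limit memory abuse."""
    hdr = recv_exact(sock, 4)
    if hdr is None:
        return None
    (n,) = struct.unpack("!I", hdr)
    if n > max_len:
        raise ValueError("oversized message")
    body = recv_exact(sock, n)
    return None if body is None else json.loads(body.decode("utf-8"))


def seteuid_is_reversible(uid):
    """The weakness Eric mentions: seteuid keeps the saved UID, so the process
    can switch back to root at will. Returns None when not running as root."""
    if os.geteuid() != 0:
        return None
    os.seteuid(uid)
    os.seteuid(0)
    return os.geteuid() == 0


def drop_privileges(uid, gid):
    """Permanently drop root. When the caller is root, setuid(2) sets the real,
    effective and saved UIDs, so unlike seteuid there is no way back.
    Returns True if privileges were dropped, False if we were not root."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    try:
        os.seteuid(0)  # must fail: the drop is irreversible
    except PermissionError:
        return True
    raise RuntimeError("privileges were not dropped permanently")


def handle_request(req):
    """Privileged side: validate the request against the allowlist and run it.
    Anything not on the list (e.g. 'run_shell') is refused outright."""
    if not isinstance(req, dict):
        return {"ok": False, "error": "malformed request"}
    op = req.get("op")
    args = req.get("args", {})
    if op not in PRIVILEGED_OPS or not isinstance(args, dict):
        return {"ok": False, "error": "operation not permitted"}
    handler, allowed_args = PRIVILEGED_OPS[op]
    if set(args) != allowed_args:
        return {"ok": False, "error": "unexpected arguments"}
    try:
        return {"ok": True, "result": handler(**args)}
    except OSError as exc:
        return {"ok": False, "error": exc.strerror}


def run_privileged_parent(requests):
    """Fork a worker that drops privileges and sends `requests` over a
    socketpair; the parent answers each one. Returns the responses the parent
    sent, in order, so the dispatch can be checked from the privileged side."""
    parent_sock, child_sock = socket.socketpair()
    pid = os.fork()
    if pid == 0:  # unprivileged worker
        parent_sock.close()
        try:
            drop_privileges(UNPRIV_UID, UNPRIV_GID)
            for req in requests:
                send_msg(child_sock, req)
                recv_msg(child_sock)
        finally:
            child_sock.close()
            os._exit(0)
    child_sock.close()
    responses = []
    while True:
        req = recv_msg(parent_sock)
        if req is None:
            break
        resp = handle_request(req)
        send_msg(parent_sock, resp)
        responses.append(resp)
    parent_sock.close()
    os.waitpid(pid, 0)
    return responses


if __name__ == "__main__":
    # Constructed sample: one allowed request and one that must be refused.
    print(run_privileged_parent([{"op": "euid"}, {"op": "run_shell", "args": {"cmd": "id"}}]))
```

The point of the split is that the worker, which handles untrusted input, holds no privilege it could regain, and the parent only ever executes a small, validated vocabulary rather than arbitrary shell commands.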
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp