Samuel Thibault, le Sun 30 Jun 2013 11:38:33 +0200, a écrit :
> > lack of firewall support.
>
> Now that we use a userland driver for networking, it should be easy to
> interpose at least a simple BPF filter, I have added the task here:
>
> https://savannah.gnu.org/task/index.php?12723
>
> debia
Update of task #12723 (project hurd):
Percent Complete: 0% => 80%
___
Follow-up Comment #1:
This is actually what eth-filter does. I have improved it by making
fsysopts work, to update the
nullauth drops all authentication credentials and runs the given
program. This is also useful to drop privileges on behalf of
translators that do not need any credentials in some circumstances,
e.g.
% settrans -ap /hurd/nullauth -- /hurd/storeio -Tzero
makes storeio run without any credentials.
* trans/null.c (main): Drop privileges.
---
trans/null.c |5 +
1 file changed, 5 insertions(+)
diff --git a/trans/null.c b/trans/null.c
index 1f985b3..8b3b4e0 100644
--- a/trans/null.c
+++ b/trans/null.c
@@ -31,6 +31,7 @@
#include
#include
#include
+#include
�
const char *argp_pr
Hi folks :)
this is a patch series adding setnullauth () to libshouldbeinlibc and
demonstrating its use for dropping unix privileges in the null and
tmpfs translators. A nullauth utility is provided to start arbitrary
programs without any privileges. This can be used to run the
translator on /dev/
* tmpfs/tmpfs.c (main): Drop privileges.
---
tmpfs/tmpfs.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/tmpfs/tmpfs.c b/tmpfs/tmpfs.c
index 7da3dd5..1872a7d 100644
--- a/tmpfs/tmpfs.c
+++ b/tmpfs/tmpfs.c
@@ -29,6 +29,7 @@ the Free Software Foundation, 675 Mass Ave, Cambridge, MA
0
setnullauth () obtains an empty authentication handle and uses it for
further authentication purposes. This effectively drops all Unix
privileges.
* libshouldbeinlibc/nullauth.c: New file.
* libshouldbeinlibc/nullauth.h: Likewise.
* libshouldbeinlibc/Makefile: Add nullauth.{c,h}.
---
libshouldbe
