On Wed, 18 May 2016, Ferry Huberts wrote:
On 18/05/16 11:10, David Lang wrote:
On Wed, 18 May 2016, Ferry Huberts wrote:
On 18/05/16 10:03, David Lang wrote:
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:46, Ferry Huberts wrote:
already in-place in Fedora and RedHat/CentOS.
On Wed, 18 May 2016, Radu Anghel wrote:
step 1. add users to /etc/passwd (in the pre/post-install script
probably, trying to use same uid/gid as major distributions would be
nice)
I believe that most of the major distros don't allocate uid/gid numbers
statically, they are allocated as the pac
On 18/05/16 08:41, David Lang wrote:
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:04, David Lang wrote:
The first question I would have is if we are going to the system users
in an essentially random order (as needed so two systems with the same
packages installed in a different
On 18/05/16 11:10, David Lang wrote:
On Wed, 18 May 2016, Ferry Huberts wrote:
On 18/05/16 10:03, David Lang wrote:
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:46, Ferry Huberts wrote:
already in-place in Fedora and RedHat/CentOS.
You then get even stronger protection and
Replying to myself :)
On Wed, May 18, 2016 at 10:53 AM, Radu Anghel wrote:
>
> step 1. add users to /etc/passwd (in the pre/post-install script
> probably, trying to use same uid/gid as major distributions would be
> nice)
> step 2. add config option for user/group in the relevant /etc/config/ fi
On Wed, 18 May 2016, Ferry Huberts wrote:
On 18/05/16 10:03, David Lang wrote:
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:46, Ferry Huberts wrote:
already in-place in Fedora and RedHat/CentOS.
You then get even stronger protection and run-time performance impact is
negligib
On Wed, May 18, 2016 at 9:25 AM, John Crispin wrote:
>
> to elaborate, imagine dnsmasq running inside a jail where it only
> thinks it is root but is not in reality. also ld-preloading bind and
> connect would allow us to do pretty advanced stuff like only allowing
> dnsmasq to open certain ports
Hi again,
2016-05-18 10:22 GMT+02:00 Ferry Huberts :
>
>
> On 18/05/16 10:03, David Lang wrote:
>>
>> On Wed, 18 May 2016, John Crispin wrote:
>>
>>> On 18/05/2016 09:46, Ferry Huberts wrote:
On 18/05/16 09:25, John Crispin wrote:
>
>
>
> On 18/05/2016 09:21,
On 18/05/16 10:03, David Lang wrote:
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:46, Ferry Huberts wrote:
On 18/05/16 09:25, John Crispin wrote:
On 18/05/2016 09:21, Radu Anghel wrote:
/* sending again because i hit 'reply' instead of 'reply all' :) */
On Wed, May 18, 20
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:46, Ferry Huberts wrote:
On 18/05/16 09:25, John Crispin wrote:
On 18/05/2016 09:21, Radu Anghel wrote:
/* sending again because i hit 'reply' instead of 'reply all' :) */
On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
ok
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:21, Radu Anghel wrote:
/* sending again because i hit 'reply' instead of 'reply all' :) */
On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
ok, there had been some discussion about building a super daemon that
runs, then ld-prelo
On 18/05/2016 09:49, Etienne Champetier wrote:
> Hi,
>
> 2016-05-18 9:25 GMT+02:00 John Crispin :
>>
>>
>> On 18/05/2016 09:21, Radu Anghel wrote:
>>> /* sending again because i hit 'reply' instead of 'reply all' :) */
>>>
>>> On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
ok, t
On 18/05/2016 09:46, Ferry Huberts wrote:
>
>
> On 18/05/16 09:25, John Crispin wrote:
>>
>>
>> On 18/05/2016 09:21, Radu Anghel wrote:
>>> /* sending again because i hit 'reply' instead of 'reply all' :) */
>>>
>>> On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
ok, there had b
Hi,
2016-05-18 9:25 GMT+02:00 John Crispin :
>
>
> On 18/05/2016 09:21, Radu Anghel wrote:
>> /* sending again because i hit 'reply' instead of 'reply all' :) */
>>
>> On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
>>>
>>> ok, there had been some discussion about building a super daemon tha
On 18/05/16 09:25, John Crispin wrote:
On 18/05/2016 09:21, Radu Anghel wrote:
/* sending again because i hit 'reply' instead of 'reply all' :) */
On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
ok, there had been some discussion about building a super daemon that
runs, then ld-prel
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 09:04, David Lang wrote:
The first question I would have is if we are going to the system users
in an essentially random order (as needed so two systems with the same
packages installed in a different order have different user->uid
mapping
On 18/05/2016 09:21, Radu Anghel wrote:
> /* sending again because i hit 'reply' instead of 'reply all' :) */
>
> On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
>>
>> ok, there had been some discussion about building a super daemon that
>> runs, then ld-preloading bind() and co and using
/* sending again because i hit 'reply' instead of 'reply all' :) */
On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote:
>
> ok, there had been some discussion about building a super daemon that
> runs, then ld-preloading bind() and co and using ubus to transport
> sockets around. using caps or /
On 18/05/2016 09:04, David Lang wrote:
>
> The first question I would have is if we are going to the system users
> in an essentially random order (as needed so two systems with the same
> packages installed in a different order have different user->uid
> mapping) or if we are going to define se
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 08:09, Daniel Curran-Dickinson wrote:
On 16-05-18 01:05 AM, John Crispin wrote:
Hi,
we had previously started building the infra for running stuff as !root.
so far we have added
* the userid/gid stuff
* acl on ubus
things that i know ar
On Wed, 18 May 2016, John Crispin wrote:
On 18/05/2016 08:08, David Lang wrote:
On Wed, 18 May 2016, John Crispin wrote:
Hi,
we had previously started building the infra for running stuff as !root.
so far we have added
* the userid/gid stuff
* acl on ubus
things that i know are missing
*
On 18/05/2016 08:09, Daniel Curran-Dickinson wrote:
> On 16-05-18 01:05 AM, John Crispin wrote:
>> Hi,
>>
>> we had previously started building the infra for running stuff as !root.
>> so far we have added
>>
>> * the userid/gid stuff
>> * acl on ubus
>>
>> things that i know are missing
>>
>> *
On 18/05/2016 08:08, David Lang wrote:
> On Wed, 18 May 2016, John Crispin wrote:
>
>> Hi,
>>
>> we had previously started building the infra for running stuff as !root.
>> so far we have added
>>
>> * the userid/gid stuff
>> * acl on ubus
>>
>> things that i know are missing
>>
>> * handling ne
On 16-05-18 01:05 AM, John Crispin wrote:
> Hi,
>
> we had previously started building the infra for running stuff as !root.
> so far we have added
>
> * the userid/gid stuff
> * acl on ubus
>
> things that i know are missing
>
> * handling network ports < 1024
>
> what am i missing ? can anyo
On Wed, 18 May 2016, John Crispin wrote:
Hi,
we had previously started building the infra for running stuff as !root.
so far we have added
* the userid/gid stuff
* acl on ubus
things that i know are missing
* handling network ports < 1024
what am i missing ? can anyone think of other issues
Hi,
we had previously started building the infra for running stuff as !root.
so far we have added
* the userid/gid stuff
* acl on ubus
things that i know are missing
* handling network ports < 1024
what am i missing ? can anyone think of other issues we need to address
before we change uid to
26 matches