From: Joerg Schilling <schilling@fokus.fraunhofer.de>
To: schilling@fokus.fraunhofer.de, rlrevell@joe-job.com,
matthias.andree@gmx.de, linux-kernel@vger.kernel.org,
7eggert@gmx.de
Subject: Re: CD writing in future Linux (stirring up a hornets' nest) (was: Rationale for RLIMIT_MEMLOCK?)
Date: Tue, 24 Jan 2006 15:38:16 +0100 [thread overview]
Message-ID: <43D63BD8.nailCPI11XBZ8@burner> (raw)
In-Reply-To: <E1F1KG8-0000v7-3Q@be1.lrz>
Bodo Eggert <harvested.in.lkml@7eggert.dyndns.org> wrote:
> Joerg Schilling <schilling@fokus.fraunhofer.de> wrote:
>
> [...]
> > On Solaris, you (currently) use a profile enabled shell (pfsh, pfksh or pfcsh)
> > that calls getexecuser() in order to find whether there is a specific
> > treatment needed. If this specific treatment is needed, then the shell calls
> > execve(/usr/bin/pfexec cmd <args>)
> > else it calls execve(cmd <args>)
> >
> > I did recently voted to require all shells to be profile enabled by default.
>
> Why? I asume there will only be few programs requiring to be run by a
> wrapper, and mv /usr/bin/foo to /usr/pfexec-bin/foo;
> echo $'#!/bin/sh\n/usr/sbin/pfexec /usr/pfexec-bin/foo "$@"' > /usr/bin/foo;
> chmod 755 /usr/bin/foo
> should be easier than patching e.g. all callers of cdrecord, and it won't
> slow down starting non-profiled applications.
Because the architecture review commitee decided this would be the right way.
Note that we are on a migration from the classical root/non-root UNIX to a fine
grained privileges handling. The current documentation says that you need to
have a profile enabled shell as your SHELL in order to be able to use a
root-less Solaris.
> Possibly the pfexec can tell the application to be run by the basename (like
> su1), in this case you'd add something like
> "alias cdrecord /opt/schily/bin/cdrecord" to it's configuration and link it
> to /usr/bin/cdrecord.
But you are right that another way would be to use something like "isaexec"
> > The final priv would allow even vendor specific commands: this is what
> > cdrecord needs.
>
> That sounds reasonable, but I wonder how you can get access to a device
> file descriptor in order to do unprivileged access.
This is something that needs to be discussed. Last night, I found that there
should be a way to run cdrecord without the need to have the "file_dac_read"
provilege. I'll discuss this with the security group.
Jörg
--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni)
schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
next prev parent reply other threads:[~2006-01-24 14:39 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <5y7B5-1dw-15@gated-at.bofh.it>
[not found] ` <5y7KL-1DZ-31@gated-at.bofh.it>
[not found] ` <5yddh-1pA-47@gated-at.bofh.it>
[not found] ` <5ydni-1Qq-3@gated-at.bofh.it>
[not found] ` <5yek1-3iP-53@gated-at.bofh.it>
[not found] ` <5yeth-3us-33@gated-at.bofh.it>
[not found] ` <5yf5O-4iF-19@gated-at.bofh.it>
[not found] ` <5yfI4-5kU-11@gated-at.bofh.it>
[not found] ` <5ygE4-6LK-35@gated-at.bofh.it>
[not found] ` <5yhqg-7ZR-5@gated-at.bofh.it>
[not found] ` <5yi2X-zm-7@gated-at.bofh.it>
2006-01-24 9:14 ` CD writing in future Linux (stirring up a hornets' nest) (was: Rationale for RLIMIT_MEMLOCK?) Bodo Eggert
2006-01-24 14:38 ` Joerg Schilling [this message]
2006-01-24 17:44 ` CD writing in future Linux (stirring up a hornets' nest) Bodo Eggert
[not found] ` <5ygDT-6LK-3@gated-at.bofh.it>
[not found] ` <5yscc-68j-5@gated-at.bofh.it>
[not found] ` <5ysvk-6JI-5@gated-at.bofh.it>
[not found] ` <5ysvk-6JI-3@gated-at.bofh.it>
[not found] ` <5yEn7-7Or-21@gated-at.bofh.it>
[not found] ` <5yUUI-6JR-15@gated-at.bofh.it>
2006-01-26 0:12 ` Rationale for RLIMIT_MEMLOCK? Bodo Eggert
2006-01-23 10:56 Matthias Andree
2006-01-23 11:05 ` Arjan van de Ven
2006-01-23 16:54 ` Matthias Andree
2006-01-23 17:00 ` Arjan van de Ven
2006-01-23 18:01 ` Matthias Andree
2006-01-23 18:13 ` Arjan van de Ven
2006-01-23 18:55 ` Matthias Andree
2006-01-23 19:38 ` Joerg Schilling
2006-01-23 20:30 ` Lee Revell
2006-01-23 21:21 ` CD writing in future Linux (stirring up a hornets' nest) (was: Rationale for RLIMIT_MEMLOCK?) Matthias Andree
2006-01-23 21:26 ` Lee Revell
2006-01-23 21:45 ` Joerg Schilling
2006-01-23 22:00 ` Lee Revell
2006-01-23 21:30 ` Lee Revell
2006-01-23 22:03 ` Joerg Schilling
2006-01-24 13:58 ` Joerg Schilling
2006-01-24 17:42 ` Jan Engelhardt
2006-01-25 14:04 ` Joerg Schilling
2006-01-25 14:21 ` Jens Axboe
2006-01-25 14:47 ` Jan Engelhardt
2006-01-25 14:55 ` Jens Axboe
2006-01-25 14:58 ` Jens Axboe
2006-01-25 17:00 ` Joerg Schilling
2006-01-25 17:23 ` Jens Axboe
2006-01-25 16:57 ` Joerg Schilling
2006-01-25 17:20 ` Jens Axboe
2006-01-25 20:16 ` Lee Revell
2006-01-26 21:06 ` Jan Engelhardt
2006-01-26 21:33 ` Vadim Lobanov
2006-01-26 21:48 ` Gene Heskett
2006-01-26 21:34 ` Vadim Lobanov
2006-01-26 12:32 ` Pavel Machek
2006-02-02 17:17 ` Luke-Jr
2006-02-03 14:08 ` Jan Engelhardt
2006-02-03 16:50 ` Joerg Schilling
2006-02-03 17:24 ` Luke-Jr
2006-02-06 13:51 ` Joerg Schilling
2006-02-06 14:01 ` Matthias Andree
2006-02-06 15:06 ` Peter Read
2006-02-06 17:25 ` Joerg Schilling
2006-02-07 10:57 ` Matthias Andree
2006-02-06 17:40 ` Luke-Jr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43D63BD8.nailCPI11XBZ8@burner \
--to=schilling@fokus.fraunhofer.de \
--cc=7eggert@gmx.de \
--cc=linux-kernel@vger.kernel.org \
--cc=matthias.andree@gmx.de \
--cc=rlrevell@joe-job.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).