linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Joerg Schilling <schilling@fokus.fraunhofer.de>
To: schilling@fokus.fraunhofer.de, rlrevell@joe-job.com,
	matthias.andree@gmx.de, linux-kernel@vger.kernel.org,
	7eggert@gmx.de
Subject: Re: CD writing in future Linux (stirring up a hornets' nest) (was:    Rationale for RLIMIT_MEMLOCK?)
Date: Tue, 24 Jan 2006 15:38:16 +0100	[thread overview]
Message-ID: <43D63BD8.nailCPI11XBZ8@burner> (raw)
In-Reply-To: <E1F1KG8-0000v7-3Q@be1.lrz>

Bodo Eggert <harvested.in.lkml@7eggert.dyndns.org> wrote:

> Joerg Schilling <schilling@fokus.fraunhofer.de> wrote:
>
> [...]
> > On Solaris, you (currently) use a profile enabled shell (pfsh, pfksh or pfcsh)
> > that calls getexecuser() in order to find whether there is a specific
> > treatment needed. If this specific treatment is needed, then the shell calls
> > execve(/usr/bin/pfexec cmd <args>)
> > else it calls  execve(cmd <args>)
> > 
> > I did recently voted to require all shells to be profile enabled by default.
>
> Why? I asume there will only be few programs requiring to be run by a
> wrapper, and mv /usr/bin/foo to /usr/pfexec-bin/foo;
> echo $'#!/bin/sh\n/usr/sbin/pfexec /usr/pfexec-bin/foo "$@"' > /usr/bin/foo;
> chmod 755 /usr/bin/foo
> should be easier than patching e.g. all callers of cdrecord, and it won't
> slow down starting non-profiled applications.

Because the architecture review commitee decided this would be the right way.

Note that we are on a migration from the classical root/non-root UNIX to a fine 
grained privileges handling. The current documentation says that you need to 
have a profile enabled shell as your SHELL in order to be able to use a 
root-less Solaris.

> Possibly the pfexec can tell the application to be run by the basename (like
> su1), in this case you'd add something like
> "alias cdrecord /opt/schily/bin/cdrecord" to it's configuration and link it
> to /usr/bin/cdrecord.

But you are right that another way would be to use something like "isaexec"

> > The final priv would allow even vendor specific commands: this is what
> > cdrecord needs.
>
> That sounds reasonable, but I wonder how you can get access to a device
> file descriptor in order to do unprivileged access.

This is something that needs to be discussed. Last night, I found that there 
should be a way to run cdrecord without the need to have the "file_dac_read"
provilege. I'll discuss this with the security group.



Jörg

-- 
 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de                (uni)  
       schilling@fokus.fraunhofer.de     (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily

  reply	other threads:[~2006-01-24 14:39 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <5y7B5-1dw-15@gated-at.bofh.it>
     [not found] ` <5y7KL-1DZ-31@gated-at.bofh.it>
     [not found]   ` <5yddh-1pA-47@gated-at.bofh.it>
     [not found]     ` <5ydni-1Qq-3@gated-at.bofh.it>
     [not found]       ` <5yek1-3iP-53@gated-at.bofh.it>
     [not found]         ` <5yeth-3us-33@gated-at.bofh.it>
     [not found]           ` <5yf5O-4iF-19@gated-at.bofh.it>
     [not found]             ` <5yfI4-5kU-11@gated-at.bofh.it>
     [not found]               ` <5ygE4-6LK-35@gated-at.bofh.it>
     [not found]                 ` <5yhqg-7ZR-5@gated-at.bofh.it>
     [not found]                   ` <5yi2X-zm-7@gated-at.bofh.it>
2006-01-24  9:14                     ` CD writing in future Linux (stirring up a hornets' nest) (was: Rationale for RLIMIT_MEMLOCK?) Bodo Eggert
2006-01-24 14:38                       ` Joerg Schilling [this message]
2006-01-24 17:44                         ` CD writing in future Linux (stirring up a hornets' nest) Bodo Eggert
     [not found]               ` <5ygDT-6LK-3@gated-at.bofh.it>
     [not found]                 ` <5yscc-68j-5@gated-at.bofh.it>
     [not found]                   ` <5ysvk-6JI-5@gated-at.bofh.it>
     [not found]                     ` <5ysvk-6JI-3@gated-at.bofh.it>
     [not found]                       ` <5yEn7-7Or-21@gated-at.bofh.it>
     [not found]                         ` <5yUUI-6JR-15@gated-at.bofh.it>
2006-01-26  0:12                           ` Rationale for RLIMIT_MEMLOCK? Bodo Eggert
2006-01-23 10:56 Matthias Andree
2006-01-23 11:05 ` Arjan van de Ven
2006-01-23 16:54   ` Matthias Andree
2006-01-23 17:00     ` Arjan van de Ven
2006-01-23 18:01       ` Matthias Andree
2006-01-23 18:13         ` Arjan van de Ven
2006-01-23 18:55           ` Matthias Andree
2006-01-23 19:38             ` Joerg Schilling
2006-01-23 20:30               ` Lee Revell
2006-01-23 21:21                 ` CD writing in future Linux (stirring up a hornets' nest) (was: Rationale for RLIMIT_MEMLOCK?) Matthias Andree
2006-01-23 21:26                   ` Lee Revell
2006-01-23 21:45                     ` Joerg Schilling
2006-01-23 22:00                       ` Lee Revell
2006-01-23 21:30                   ` Lee Revell
2006-01-23 22:03                   ` Joerg Schilling
2006-01-24 13:58                   ` Joerg Schilling
2006-01-24 17:42                   ` Jan Engelhardt
2006-01-25 14:04                     ` Joerg Schilling
2006-01-25 14:21                       ` Jens Axboe
2006-01-25 14:47                         ` Jan Engelhardt
2006-01-25 14:55                           ` Jens Axboe
2006-01-25 14:58                             ` Jens Axboe
2006-01-25 17:00                             ` Joerg Schilling
2006-01-25 17:23                               ` Jens Axboe
2006-01-25 16:57                           ` Joerg Schilling
2006-01-25 17:20                             ` Jens Axboe
2006-01-25 20:16                             ` Lee Revell
2006-01-26 21:06                             ` Jan Engelhardt
2006-01-26 21:33                               ` Vadim Lobanov
2006-01-26 21:48                                 ` Gene Heskett
2006-01-26 21:34                               ` Vadim Lobanov
2006-01-26 12:32                       ` Pavel Machek
2006-02-02 17:17                     ` Luke-Jr
2006-02-03 14:08                       ` Jan Engelhardt
2006-02-03 16:50                         ` Joerg Schilling
2006-02-03 17:24                         ` Luke-Jr
2006-02-06 13:51                           ` Joerg Schilling
2006-02-06 14:01                             ` Matthias Andree
2006-02-06 15:06                             ` Peter Read
2006-02-06 17:25                               ` Joerg Schilling
2006-02-07 10:57                                 ` Matthias Andree
2006-02-06 17:40                             ` Luke-Jr

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43D63BD8.nailCPI11XBZ8@burner \
    --to=schilling@fokus.fraunhofer.de \
    --cc=7eggert@gmx.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=matthias.andree@gmx.de \
    --cc=rlrevell@joe-job.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).