From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: musl 1.0.x branch
Date: Tue, 10 Jun 2014 17:55:18 -0400
Message-ID: <20140610215518.GP179@brightrain.aerifal.cx>
To: musl@lists.openwall.com

On Tue, Jun 10, 2014 at 11:25:06PM +0200, Natanael Copa wrote:
> On Tue, 10 Jun 2014 12:03:56 -0400
> Rich Felker wrote:
>
> > FYI you can emulate the usefulness of suid, without the danger, by
> > having a daemon on a unix socket that you connect to which provides
> > the functionality. This is a vastly superior design because there is
> > exactly one input channel to the code running with elevated privileges
> > (the socket) as opposed to unboundedly many (environment, open fds,
> > resource limits, working directory, priority, signal mask and
> > dispositions, cpu affinity, ... and whatever else the kernel folks add
> > in the future).
>
> You probably knew but this is what OpenBSD does instead of suid + PAM:
> http://en.wikipedia.org/wiki/BSD_Authentication
>
> I have always liked this approach.

I'm not really familiar with BSD stuff, but yes, it sounds like a much
better alternative to the insanity (which is the only way you can
describe loading arbitrary, poorly-written code directly into
privileged processes for authentication/login purposes) of PAM. Of
course an independent PAM implementation could do the same thing by
offloading the actual work to a separate authentication daemon (and
dropping support for all of the other junk PAM can do to the calling
process) while keeping the same API or even ABI.

Rich