From: Laurent Bercot
To: musl@lists.openwall.com
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: musl 1.0.x branch
Date: Tue, 10 Jun 2014 17:50:51 +0100
Message-ID: <5397376B.3000300@skarnet.org>
In-Reply-To: <20140610160356.GL179@brightrain.aerifal.cx>

On 10/06/2014 17:03, Rich Felker wrote:
> FYI you can emulate the usefulness of suid, without the danger, by
> having a daemon on a unix socket that you connect to which provides
> the functionality. This is a vastly superior design because there is
> exactly one input channel to the code running with elevated privileges
> (the socket) as opposed to unboundedly many (environment, open fds,
> resource limits, working directory, priority, signal mask and
> dispositions, cpu affinity, ... and whatever else the kernel folks add
> in the future).

And now there are even programs designed to help you do exactly that:
http://skarnet.org/software/s6-networking/s6-sudo.html
(Shameless plug of the day: achieved)

However, despite being a good solution for noninteractive programs,
the unix socket mechanism isn't perfect. There are a lot of things it
cannot transmit without significant trouble - in particular terminals
and everything job-control-related, and signals, etc.

I've done quite a bit of thinking while writing s6-sudo, and my
conclusion was that it's a daunting task to get everything working
properly with programs that need a terminal; it would require ugly
wrappers à la ptyget, and more. I'm not convinced it's even worth
trying, as opposed to tackling the existing terminal-using
privilege-granting programs and kicking the suid out of them.

--
Laurent