From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B202F1DF261 for ; Thu, 27 Nov 2025 12:55:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764248111; cv=none; b=hAKjWJrS1k+fJfwWXGqCm1zltghfYa2LFVEMvP6VIC5BASiqHbtRobd/TAEII3xOpn6uqPIqFMsTmajAuOAo0/niZs10A76FnbozTz4qzzlThQZFQPno13/ZT2KX8JqnBuAewKzBSzgWpuPDp4lPAL2U4oC/ExfCkfNnv35nw/8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764248111; c=relaxed/simple; bh=zbmfSpFgRw2gM8+xB+rL8zx6dxucISc4kqDXFSvPP90=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Ek96U4xWireEc1cZQHhj1tMGp3JE9f/YcLACEtBNAZeKPRujZffDSLS1TI4E6YLXeKWxyqQXMKh1kzXAyZ68/Ibfx0WY3jxvSEX3noft0CpLoKqlGHC/ZK/KNZSSAt/twzU2cJWkhJJdpiPYNsogQ1LC1TYvJdhCQBZHEDPAr3Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 04FAE336A2; Thu, 27 Nov 2025 12:55:08 +0000 (UTC) Authentication-Results: smtp-out1.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id C06963EA63; Thu, 27 Nov 2025 12:55:07 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id J+vdLStKKGlyLgAAD6G6ig (envelope-from ); Thu, 27 Nov 2025 12:55:07 +0000 Date: Thu, 27 Nov 2025 13:55:06 +0100 From: Petr Vorel To: Li Wang Cc: ltp@lists.linux.it, Mimi Zohar , linux-integrity@vger.kernel.org, selinux@vger.kernel.org, Cyril Hrubis , Jan Stancek Subject: Re: [PATCH v3 1/4] shell: Add tst_sudo.c helper Message-ID: <20251127125506.GA244936@pevik> Reply-To: Petr Vorel References: <20251127082638.224110-1-pvorel@suse.cz> <20251127082638.224110-2-pvorel@suse.cz> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spam-Flag: NO X-Spam-Score: -4.00 X-Spam-Level: X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Rspamd-Queue-Id: 04FAE336A2 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org > On Thu, Nov 27, 2025 at 7:57 PM Li Wang wrote: > > Hi Petr, > > I feel that the filename tst_sudo.c is a bit misleading. The helper > > doesn’t > > replicate sudo behavior (authentication, privilege escalation), it simply > > drops from root to a fixed UID/GID before executing a command. > > So readers may expect a “sudo-like” elevation wrapper when, however > > it’s a privilege-dropping trampoline. Thanks, makes sense. > > What about renaming it to: > > tst_runas.c, > > tst_runas_nobody.c, or > > tst_drop_privs.c? > Personally, I prefer the tst_runas_nody.c because it reflects the > default privilege, > but due it supports the more env so contains "su" maybe better: > tst_su_switch.c, tst_su_cmd.c I'd be ok with tst_su.c, but sure tst_su_cmd.c is ok as well. I'll wait little longer for feedback from others. Kind regards, Petr From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8CD1AD11183 for ; Thu, 27 Nov 2025 12:55:27 +0000 (UTC) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id AE9003CCA24 for ; Thu, 27 Nov 2025 13:55:25 +0100 (CET) Received: from in-7.smtp.seeweb.it (in-7.smtp.seeweb.it [217.194.8.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by picard.linux.it (Postfix) with ESMTPS id ED4CC3C2DA2 for ; Thu, 27 Nov 2025 13:55:09 +0100 (CET) Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by in-7.smtp.seeweb.it (Postfix) with ESMTPS id 8E8982009DB for ; Thu, 27 Nov 2025 13:55:08 +0100 (CET) Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 04FAE336A2; Thu, 27 Nov 2025 12:55:08 +0000 (UTC) Authentication-Results: smtp-out1.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id C06963EA63; Thu, 27 Nov 2025 12:55:07 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id J+vdLStKKGlyLgAAD6G6ig (envelope-from ); Thu, 27 Nov 2025 12:55:07 +0000 Date: Thu, 27 Nov 2025 13:55:06 +0100 From: Petr Vorel To: Li Wang Message-ID: <20251127125506.GA244936@pevik> References: <20251127082638.224110-1-pvorel@suse.cz> <20251127082638.224110-2-pvorel@suse.cz> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Rspamd-Queue-Id: 04FAE336A2 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Virus-Scanned: clamav-milter 1.0.9 at in-7.smtp.seeweb.it X-Virus-Status: Clean Subject: Re: [LTP] [PATCH v3 1/4] shell: Add tst_sudo.c helper X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Petr Vorel Cc: selinux@vger.kernel.org, linux-integrity@vger.kernel.org, ltp@lists.linux.it Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ltp-bounces+ltp=archiver.kernel.org@lists.linux.it Sender: "ltp" PiBPbiBUaHUsIE5vdiAyNywgMjAyNSBhdCA3OjU34oCvUE0gTGkgV2FuZyA8bGl3YW5nQHJlZGhh dC5jb20+IHdyb3RlOgoKPiA+IEhpIFBldHIsCgo+ID4gSSBmZWVsIHRoYXQgdGhlIGZpbGVuYW1l IHRzdF9zdWRvLmMgaXMgYSBiaXQgbWlzbGVhZGluZy4gVGhlIGhlbHBlcgo+ID4gZG9lc27igJl0 Cj4gPiByZXBsaWNhdGUgc3VkbyBiZWhhdmlvciAoYXV0aGVudGljYXRpb24sIHByaXZpbGVnZSBl c2NhbGF0aW9uKSwgaXQgc2ltcGx5Cj4gPiBkcm9wcyBmcm9tIHJvb3QgdG8gYSBmaXhlZCBVSUQv R0lEIGJlZm9yZSBleGVjdXRpbmcgYSBjb21tYW5kLgoKPiA+IFNvIHJlYWRlcnMgbWF5IGV4cGVj dCBhIOKAnHN1ZG8tbGlrZeKAnSBlbGV2YXRpb24gd3JhcHBlciB3aGVuLCBob3dldmVyCj4gPiBp dOKAmXMgYSBwcml2aWxlZ2UtZHJvcHBpbmcgdHJhbXBvbGluZS4KClRoYW5rcywgbWFrZXMgc2Vu c2UuCgo+ID4gV2hhdCBhYm91dCByZW5hbWluZyBpdCB0bzoKPiA+ICAgdHN0X3J1bmFzLmMsCj4g PiAgIHRzdF9ydW5hc19ub2JvZHkuYywgb3IKPiA+ICAgdHN0X2Ryb3BfcHJpdnMuYz8KCj4gUGVy c29uYWxseSwgSSBwcmVmZXIgdGhlIHRzdF9ydW5hc19ub2R5LmMgYmVjYXVzZSBpdCByZWZsZWN0 cyB0aGUKPiBkZWZhdWx0IHByaXZpbGVnZSwKPiBidXQgZHVlIGl0IHN1cHBvcnRzIHRoZSBtb3Jl IGVudiBzbyBjb250YWlucyAic3UiIG1heWJlIGJldHRlcjoKPiAgIHRzdF9zdV9zd2l0Y2guYywg dHN0X3N1X2NtZC5jCgpJJ2QgYmUgb2sgd2l0aCB0c3Rfc3UuYywgYnV0IHN1cmUgdHN0X3N1X2Nt ZC5jIGlzIG9rIGFzIHdlbGwuCkknbGwgd2FpdCBsaXR0bGUgbG9uZ2VyIGZvciBmZWVkYmFjayBm cm9tIG90aGVycy4KCktpbmQgcmVnYXJkcywKUGV0cgoKLS0gCk1haWxpbmcgbGlzdCBpbmZvOiBo dHRwczovL2xpc3RzLmxpbnV4Lml0L2xpc3RpbmZvL2x0cAo=