From: Jan Kiszka <jan.kiszka@domain.hid>
To: Anders Blomdell <anders.blomdell@domain.hid>
Cc: xenomai@xenomai.org
Subject: Re: [Xenomai-help] Xenomai and capabilities
Date: Mon, 11 Oct 2010 18:17:47 +0200 [thread overview]
Message-ID: <4CB338AB.3070803@domain.hid> (raw)
In-Reply-To: <4CB33738.206@domain.hid>
Am 11.10.2010 18:11, Anders Blomdell wrote:
> We are planning to extend our use of xenomai to a wider audience at our
> department, and therefore I would like to know which is the better way to let
> users run xenomai programs with a minimum of system privileges, the
> possibilities I can see are:
>
> 1. Let the user run anything as root; simple but obviously a security nightmare.
> 2. Write a suid program that let's its children inherit the right capabilities
> and then does a seteuid and does an execve; unfortunately this implies that the
> program that is execve'd has the right capabilties set [which has to be done by
> the suid program as well], and this can only be done on filesystems that can
> have extended attributes (i.e. no FAT, NFS, etc).
> 3. Write a suid program that drops all unneeded privileges and then use dlopen
> and friends to execute the user code.
>
> I guess that there exists better ways, so somebody please enlighten me.
>
A bit better, but not perfect:
http://www.xenomai.org/index.php/Non-root_RT
Combining this with mediated hardware access (robust drivers) and
enabling the Xenomai watchdog should provide a reasonably safe&secure
environment.
Jan
--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2010-10-11 16:17 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-11 16:11 [Xenomai-help] Xenomai and capabilities Anders Blomdell
2010-10-11 16:17 ` Gilles Chanteperdrix
2010-10-11 16:17 ` Jan Kiszka [this message]
2010-10-11 16:23 ` Gilles Chanteperdrix
2010-10-11 16:44 ` Jan Kiszka
2010-10-11 16:49 ` Gilles Chanteperdrix
2010-10-11 16:58 ` Jan Kiszka
2010-10-12 9:25 ` Anders Blomdell
2010-10-12 10:23 ` Anders Blomdell
2010-10-12 12:56 ` Anders Blomdell
2010-10-12 13:53 ` Gilles Chanteperdrix
2010-10-12 14:42 ` Anders Blomdell
2010-10-12 14:57 ` Gilles Chanteperdrix
2010-10-12 15:29 ` Anders Blomdell
2010-10-12 15:41 ` Gilles Chanteperdrix
2010-10-12 15:33 ` Philippe Gerum
2010-10-12 17:20 ` Jan Kiszka
2010-10-12 18:01 ` Anders Blomdell
2010-10-12 18:13 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CB338AB.3070803@domain.hid \
--to=jan.kiszka@domain.hid \
--cc=anders.blomdell@domain.hid \
--cc=xenomai@xenomai.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.