* [B.A.T.M.A.N.] running alfred as unprivileged user
@ 2015-02-04 20:06 MK
2015-02-05 12:29 ` Simon Wunderlich
0 siblings, 1 reply; 3+ messages in thread
From: MK @ 2015-02-04 20:06 UTC (permalink / raw)
To: b.a.t.m.a.n
Hi list!
Alfred daemon runs as user root in our current setup on the gateway.
Regarding the faulty buffer size checks and improper use of strcpy in recent
history of this software this seems to be a very bad idea.
What are the requirements for the user running alfred? Which elevated
privileges does alfred really need? Is it possible to drop the privileges
after setting up the interface bindings?
Thanks,
Martin
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [B.A.T.M.A.N.] running alfred as unprivileged user
2015-02-04 20:06 [B.A.T.M.A.N.] running alfred as unprivileged user MK
@ 2015-02-05 12:29 ` Simon Wunderlich
2015-02-06 19:26 ` MK
0 siblings, 1 reply; 3+ messages in thread
From: Simon Wunderlich @ 2015-02-05 12:29 UTC (permalink / raw)
To: b.a.t.m.a.n; +Cc: MK
[-- Attachment #1: Type: text/plain, Size: 811 bytes --]
Hi Martin,
On Wednesday 04 February 2015 21:06:33 MK wrote:
> Hi list!
>
> Alfred daemon runs as user root in our current setup on the gateway.
>
> Regarding the faulty buffer size checks and improper use of strcpy in recent
> history of this software this seems to be a very bad idea.
that's a good point.
>
> What are the requirements for the user running alfred? Which elevated
> privileges does alfred really need? Is it possible to drop the privileges
> after setting up the interface bindings?
What spontaneously comes to my mind would be:
* network socket to send/receive UDP packets
* unix socket to talk to clients (but that may be changed by using a different
path)
* access to debugfs to get batman information
Patches are very welcome to implement dropping privileges.
Thanks,
Simon
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [B.A.T.M.A.N.] running alfred as unprivileged user
2015-02-05 12:29 ` Simon Wunderlich
@ 2015-02-06 19:26 ` MK
0 siblings, 0 replies; 3+ messages in thread
From: MK @ 2015-02-06 19:26 UTC (permalink / raw)
To: b.a.t.m.a.n
Hi Simon!
> Patches are very welcome to implement dropping privileges.
Unfortunately I'm no C programmer, but I'll keep researching this issue.
Martin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-02-06 19:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-04 20:06 [B.A.T.M.A.N.] running alfred as unprivileged user MK
2015-02-05 12:29 ` Simon Wunderlich
2015-02-06 19:26 ` MK
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).