From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Arnout Vandecappelle <arnout@mind.be>
Cc: James Kent <james.kent@orchestrated-technology.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v2] package/chrony: add default unprivileged user option
Date: Sat, 11 Feb 2023 16:01:57 +0100
Message-ID: <20230211150157.GG2796@scaer>
In-Reply-To: <8fe20693-4bf1-4378-d7c4-d81bcd9cf7ed@mind.be>
Arnout, James, All,
On 2023-02-09 21:22 +0100, Arnout Vandecappelle spake thusly:
> On 08/02/2023 19:27, James Kent wrote:
> >Configurable option to define and enable by default an unprivileged
> >user which the Chrony daemon will assume once initialised. The
> >functionality requires libcap which is selected as necessary.
> >
> >This option supports the good security practice of dropping elevated
> >privileges for daemon runtime.
> >
> >The package configuration layout has been updated to current working
> >practice.
> >
> >Signed-off-by: James Kent <james.kent@orchestrated-technology.com>
> >---
[--SNIP--]
> >+config BR2_PACKAGE_CHRONY_USER
> >+ bool "chrony default unprivileged user"
> Is there any reason to do this conditionally? For all other packages, we do
> it unconditionally.
From what I read, there are three situations to run chrony:
  - start as root and stay running as root;
  - start as root, setuid to a user either with a commandline option, or
    a configuration directive;
  - start as root, and setuid to a user defined at build-time (which can
    still be overridden on the commandline or a configuration directive).
What this patch does, is to allow for the third option.
As it was previously already possible to run as non-root, by just
enabling libcap in Buildroot's config, and adding the user configuration
directive in chrony's config file (or run it with -u), some people may
already do that in their setups, and we do not want to break that. So
those people do have either the config directive or the -u option, which
both take precedence over the build-time configuration.
As for those that do run as root, switching to a non-root user should
not have any impact in functionality.
So, we can safely unconditionally default to a compile-time non-root
user. Except, a linux kernel may only have the root user, see
CONFIG_MULTIUSER. But in that case we'd have tons of other packages that
are gonna whine...
Applied to master without the condition, thanks.
Regards,
Yann E. MORIN.
> Regards,
> Arnout
>
> >+ select BR2_PACKAGE_LIBCAP
> >+ help
> >+ Define and enable default unprivileged user for the Chrony
> >+ daemon to run as.
> >+
> >+endif
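Review bot: `BR2_PACKAGE_CHRONY_USER` is declared as a plain `bool` with no `default y` between the `bool` and `select` lines shown, so it would stay off unless someone enables it, while the commit message describes enabling the unprivileged user by default. Either add `default y` or drop the symbol and apply the setting unconditionally. The help text could also name the account (`chrony`, per the `--with-user=chrony` line in chrony.mk) so the reader knows which user the daemon ends up as.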
> >diff --git a/package/chrony/chrony.mk b/package/chrony/chrony.mk
> >index 379e95a778..16f8f082a3 100644
> >--- a/package/chrony/chrony.mk
> >+++ b/package/chrony/chrony.mk
> >@@ -21,6 +21,14 @@ CHRONY_CONF_OPTS = \
> > ifeq ($(BR2_PACKAGE_LIBCAP),y)
> > CHRONY_DEPENDENCIES += libcap
> >+
> >+ifeq ($(BR2_PACKAGE_CHRONY_USER),y)
> >+CHRONY_CONF_OPTS += --with-user=chrony
> >+define CHRONY_USERS
> >+ chrony -1 chrony -1 * /run/chrony - - Time daemon
> >+endef
> >+endif
> >+
> > else
> > CHRONY_CONF_OPTS += --without-libcap
> > endif
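Review bot: In the `CHRONY_USERS` entry the account's home is `/run/chrony`, and nothing in this hunk shows that directory being created or handed to the `chrony` user at boot; if `/run` is recreated at boot on the target, please confirm that the daemon or its init script creates it with the right ownership, or say so in the commit message. The new `ifeq ($(BR2_PACKAGE_CHRONY_USER),y)` block sits inside the `BR2_PACKAGE_LIBCAP` branch, which is consistent with the `select`, but the extra blank `+` line before `else` can go.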
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
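
Whichever of the three cases above applies, the result can be checked on the target from the daemon's `/proc/<pid>/status`. The script below is an added example, not part of the thread or of Buildroot; the function names and both status snapshots are constructed for illustration.

```sh
#!/bin/sh
# Added example: verdict on whether a chronyd process dropped root,
# computed from the text of /proc/<pid>/status.

# Constructed sample: euid 100, only capabilities 10 and 25 effective.
sample_dropped='Name: chronyd
Uid: 100 100 100 100
Gid: 101 101 101 101
CapEff: 0000000002000400'

# Constructed sample: never left root, 41 capabilities effective.
sample_root='Name: chronyd
Uid: 0 0 0 0
Gid: 0 0 0 0
CapEff: 000001ffffffffff'

# status_field TEXT KEY COLUMN: print one column of the "KEY:" line.
status_field() {
    printf '%s\n' "$1" | awk -v k="$2:" -v c="$3" '$1 == k { print $c; exit }'
}

# count_caps HEXMASK: number of bits set in a CapEff mask.
count_caps() {
    mask=$((0x$1)); n=0; bit=0
    while [ "$bit" -lt 63 ]; do
        n=$((n + ((mask >> bit) & 1)))
        bit=$((bit + 1))
    done
    echo "$n"
}

# audit_status TEXT: one-line verdict. Column 3 of "Uid:" is the effective uid.
audit_status() {
    euid=$(status_field "$1" Uid 3)
    capeff=$(status_field "$1" CapEff 2)
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "UNKNOWN: Uid or CapEff line missing"; return 0
    fi
    ncaps=$(count_caps "$capeff")
    systime=$(( (0x$capeff >> 25) & 1 ))   # CAP_SYS_TIME is capability 25
    if [ "$euid" -eq 0 ]; then
        echo "FAIL: still root (euid=0, $ncaps effective capabilities)"
    elif [ "$systime" -eq 0 ]; then
        echo "WARN: euid=$euid but no CAP_SYS_TIME, the clock cannot be adjusted"
    else
        echo "OK: euid=$euid, $ncaps effective capabilities including CAP_SYS_TIME"
    fi
}
```

On a live system, pass the real file contents, for example `audit_status "$(cat /proc/PID/status)"` with PID replaced by the daemon's process id.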