From: Karel Zak <kzak@redhat.com>
To: Petr Uzel <petr.uzel@suse.cz>
Cc: util-linux@vger.kernel.org, "Ted Ts'o" <tytso@mit.edu>
Subject: Re: [PATCH 11/20] uuidd: introduce --keep-privs option
Date: Tue, 3 Apr 2012 15:32:26 +0200
Message-ID: <20120403133226.GI1084@x2.net.home>
In-Reply-To: <1333039528-24784-12-git-send-email-petr.uzel@suse.cz>

On Thu, Mar 29, 2012 at 06:45:19PM +0200, Petr Uzel wrote:
> This option makes uuidd _not_ to drop its privileges if installed suid
> and executed by root.
>
> Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
> ---
> misc-utils/uuidd.8 | 5 +++++
> misc-utils/uuidd.c | 7 ++++++-
> 2 files changed, 11 insertions(+), 1 deletions(-)

Please, drop this patch.

For socket activation we can use the "drop_privs = 0" internally, it's
unnecessary to export this functionality to the command line.

Anyway, do we really need to support suid uuidd? What about dropping
all this stuff and requiring that uuidd be started by init
scripts only? What about dropping exec-from-library altogether?

RHEL/Fedora/Suse start uuidd by init, and for other distros the
whole uuidd is an almost unnecessary thing... It seems that Debian uses
suid uuidd, but I think that they can add an init script too.

IMHO the current exec-from-library and suid is not an elegant solution.

Ted?

Karel

--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com