/var/run/directory/
Colin Walters
walters at redhat.com
Sun Oct 3 18:51:00 UTC 2004
On Sun, 2004-10-03 at 10:37 -0700, Steve G wrote:
> OK, this sounds like just changing where a daemon writes the pid file instead of
> re-writing the code so fchown isn't called. Good.
Right.
> >> There are only 3 daemons that I can think of that need to be root:
> >>sshd, xinetd, crond.
> >
> >It can be a very significant amount of work to change a daemon to run as
> >non-root, like dhcpcd.
>
> Right. However, I think in the long term, you want to get as many converted as
> possible. That adds 1 more layer of protection just in case someone figures out a
> hole in se linux.
True. But you have to weigh the effort involved in that versus other
security threats, and I don't think in a lot of these cases it's worth
it.
> >There's still the general problem with discretionary access control here
> >too - A simple misconfiguration in one of the daemons before it
> >drops root privileges could cause it to overwrite the pid file for
> >another daemon, violating the system security policy.
>
> I haven't seen this; you'd have to code an exploit just for it.
I'm not talking about an exploit; a system administrator could
accidentally overwrite e.g. the <pidfile> section
of /etc/dbus/system.conf when pasting in configuration from elsewhere.
SELinux will prevent the configuration error from damaging the rest of
the system.
> I'm not against the proposal. I think it helps. I just want to try to air some of
> the details so more people understand what's being proposed.
Makes sense.
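The /var/run/<daemon>/ scheme discussed above, as an added example that is not part of the thread or of any daemon it names: the daemon creates its own run directory while still root, drops root, and only then writes its PID file into a directory it owns, so fchown() on the file is never needed. Writing after the drop is my own design choice here; it means that under plain DAC a pid path misconfigured to point at another daemon's directory fails instead of overwriting that daemon's file, which is the hazard raised in the message above. The service name "exampled", the uid/gid 65534 and the base directory argument are assumptions; pass a writable directory as the first argument to try it unprivileged.

```c
/* Added example, not code from the thread or from any daemon it names: a daemon
 * that keeps its PID file in a per-daemon /var/run/<name>/ directory it owns, so
 * it never needs fchown() on the file. Name, uid/gid and base dir are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int fail(int err) { errno = err; return -1; }

/* Step 1, while still root: create <base>/<name>/ and give it to the service
 * uid/gid. A non-root caller must already own it. Returns 0 on success. */
int prepare_run_dir(const char *base, const char *name, uid_t uid, gid_t gid)
{
    char dir[PATH_MAX];
    struct stat st;

    if (snprintf(dir, sizeof dir, "%s/%s", base, name) >= (int)sizeof dir)
        return fail(ENAMETOOLONG);
    if (mkdir(dir, 0755) != 0 && errno != EEXIST) return -1;
    if (lstat(dir, &st) != 0) return -1;        /* lstat: a planted symlink fails */
    if (!S_ISDIR(st.st_mode)) return fail(ENOTDIR);
    if (geteuid() == 0) return chown(dir, uid, gid);
    return st.st_uid == uid ? 0 : fail(EPERM);
}

/* Step 2: drop root permanently. Supplementary groups, then gid, then uid:
 * once the uid is unprivileged the other two calls would fail. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) return fail(EINVAL);         /* "dropping" to root is a misconfiguration */
    if (geteuid() != 0) return 0;               /* not root: nothing to drop */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0 || geteuid() != uid) return fail(EPERM); /* must be irreversible */
    return 0;
}

/* Step 3, as the service user: write <base>/<name>/<name>.pid. Only a directory
 * we own that nobody else can write to is accepted, and symlinks are never
 * followed, so a pid path misconfigured to point at another daemon's directory
 * fails here under plain DAC instead of clobbering that daemon's file. */
int write_pidfile(const char *base, const char *name, pid_t pid)
{
    char dir[PATH_MAX], path[PATH_MAX], buf[32];
    struct stat st;
    int fd, n;

    if (snprintf(dir, sizeof dir, "%s/%s", base, name) >= (int)sizeof dir ||
        snprintf(path, sizeof path, "%s/%s.pid", dir, name) >= (int)sizeof path)
        return fail(ENAMETOOLONG);
    if (lstat(dir, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return fail(EACCES);
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)n) != (ssize_t)n) { close(fd); return -1; }
    return close(fd);
}

/* Read the PID back (-1 on error) so a caller can verify the write. */
long read_pidfile(const char *base, const char *name)
{
    char path[PATH_MAX], buf[32];
    ssize_t n;
    int fd;

    if (snprintf(path, sizeof path, "%s/%s/%s.pid", base, name, name) >= (int)sizeof path)
        return -1;
    if ((fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) < 0) return -1;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    return strtol(buf, NULL, 10);
}

/* The startup sequence in order: prepare the directory as root, drop, write. */
int run_as_service(const char *base, const char *name, uid_t uid, gid_t gid, pid_t pid)
{
    if (prepare_run_dir(base, name, uid, gid) != 0 || drop_privileges(uid, gid) != 0)
        return -1;
    return write_pidfile(base, name, pid);
}

int main(int argc, char **argv)
{
    const char *base = argc > 1 ? argv[1] : "/var/run";
    uid_t uid = geteuid() == 0 ? 65534 : getuid();  /* 65534: hypothetical service uid */
    gid_t gid = geteuid() == 0 ? 65534 : getgid();

    if (run_as_service(base, "exampled", uid, gid, getpid()) != 0) { perror("exampled"); return 1; }
    printf("pid %ld written under %s/exampled/\n", (long)getpid(), base);
    return 0;
}
```

The ownership and write-bit check in write_pidfile is the DAC backstop: it does not replace SELinux, which still catches the case where the daemon writes while it is root, but it makes the unprivileged write fail loudly instead of silently clobbering a sibling's file.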