From: Arseny Maslennikov <ar@cs.msu.ru>
To: Alex Gladkov <legion@altlinux.ru>, devel@lists.altlinux.org
Cc: ldv@altlinux.org
Subject: Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
Date: Thu, 17 Sep 2020 16:10:13 +0300
Message-ID: <20200917131013.GB286846@cello> (raw)
In-Reply-To: <9bca7626b593f896de4283cba2d6290ec99eb4f2.1576183643.git.legion@altlinux.org>
[-- Attachment #1: Type: text/plain, Size: 4487 bytes --]
On Fri, Dec 13, 2019 at 12:42:03PM +0100, Alex Gladkov wrote:
> From: Alexey Gladkov <legion@altlinux.org>
>
> All privileged operations moved to the daemon. Commands to the server
> are sent through the unix domain socket. The credentials which the sender
> specifies are checked by the kernel. The hasher-priv no longer SUID.
I'm going to suggest some English literacy/typo improvements in a separate
email.
>
> For each user server creates a separate session process that executes
> commands only from the user who created it. The session process ends
Since that new process will still be privileged, why the additional fork
and the new listening socket inode? Is the strive for less complex
daemon source code the only driver for that, albeit a perfectly viable
one?
> after a certain period of inactivity.
No problem with that, but IMO we still should be careful
about resource leaks.
>
> Signed-off-by: Alexey Gladkov <legion@altlinux.org>
> ---
> hasher-priv/.gitignore | 1 +
> hasher-priv/DESIGN | 281 ++++++++++++++++----------
I'd like to see a formal description of the client-server protocol in e.
g. hasher-priv/IPC, that shows the intended message exchanges and
meanings. The message contents can be rather easily inferred from the C
headers, but the semantics cannot. This ends up as a source of
programming errors, see the other emails.
The relevant information is probably already present in the DESIGN file,
but, as this is documentation for humans, we should wrap it into a form
that's easier to comprehend without wasting much time.
I'm also worried about the message format using plain C ABI structs.
We're not going to use it over the network on machines with different
architectures, and we're never going to support a client and server from
different package builds, sure. But is this enough of a justification?
> hasher-priv/Makefile | 28 ++-
> hasher-priv/caller.c | 81 ++++----
After reading the following 2 new files...
> hasher-priv/caller_server.c | 373 ++++++++++++++++++++++++++++++++++
> hasher-priv/caller_task.c | 214 ++++++++++++++++++++
..., I'm not sure why do they have to be separate.
They can even be merged with caller.c, perhaps.
> hasher-priv/cmdline.c | 27 ++-
> hasher-priv/communication.c | 392 ++++++++++++++++++++++++++++++++++++
> hasher-priv/communication.h | 77 +++++++
> hasher-priv/config.c | 143 ++++++++++++-
> hasher-priv/epoll.c | 39 ++++
> hasher-priv/epoll.h | 18 ++
> hasher-priv/hasher-priv.c | 78 +++++++
> hasher-priv/hasher-privd.c | 375 ++++++++++++++++++++++++++++++++++
> hasher-priv/io_log.c | 2 +-
> hasher-priv/io_x11.c | 2 +-
> hasher-priv/killuid.c | 2 +-
> hasher-priv/logging.c | 64 ++++++
> hasher-priv/logging.h | 55 +++++
> hasher-priv/main.c | 75 -------
> hasher-priv/pass.c | 117 ++++++++++-
> hasher-priv/pidfile.c | 128 ++++++++++++
> hasher-priv/pidfile.h | 44 ++++
> hasher-priv/priv.h | 33 +--
> hasher-priv/server.conf | 13 ++
> hasher-priv/sockets.c | 183 +++++++++++++++++
> hasher-priv/sockets.h | 32 +++
> hasher-priv/x11.c | 1 +
> 28 files changed, 2632 insertions(+), 246 deletions(-)
> create mode 100644 hasher-priv/caller_server.c
> create mode 100644 hasher-priv/caller_task.c
> create mode 100644 hasher-priv/communication.c
> create mode 100644 hasher-priv/communication.h
> create mode 100644 hasher-priv/epoll.c
> create mode 100644 hasher-priv/epoll.h
> create mode 100644 hasher-priv/hasher-priv.c
> create mode 100644 hasher-priv/hasher-privd.c
> create mode 100644 hasher-priv/logging.c
> create mode 100644 hasher-priv/logging.h
> delete mode 100644 hasher-priv/main.c
> create mode 100644 hasher-priv/pidfile.c
> create mode 100644 hasher-priv/pidfile.h
> create mode 100644 hasher-priv/server.conf
> create mode 100644 hasher-priv/sockets.c
> create mode 100644 hasher-priv/sockets.h
Wow, this patch is rather big. That would be easier to review if there
was a bunch of logically self-contained commits, which could later be
squashed by the merging maintainer, perhaps, if there's a requirement
that every commit has to build successfully and run well.
I'm going to post reviews in separate messages, one answer per file.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-09-17 13:10 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-13 11:42 [devel] [PATCH hasher-priv v1 0/3] " Alex Gladkov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 1/3] " Alex Gladkov
2020-09-17 13:10 ` Arseny Maslennikov [this message]
2020-10-01 19:43 ` Alexey Gladkov
2020-10-01 21:24 ` Arseny Maslennikov
2020-10-01 23:38 ` Alexey Gladkov
2020-09-17 13:10 ` [devel] [PATCH hasher-priv v1 1/3] *literacy* Arseny Maslennikov
2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] caller.c Arseny Maslennikov
2020-09-17 13:55 ` Arseny Maslennikov
2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] caller_server.c, caller_task.c Arseny Maslennikov
2020-10-01 19:47 ` Alexey Gladkov
2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] config.c Arseny Maslennikov
2020-09-18 10:42 ` Dmitry V. Levin
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] hasher-privd.c Arseny Maslennikov
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] logging.c Arseny Maslennikov
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] Makefile Arseny Maslennikov
2020-09-17 15:09 ` Vladimir D. Seleznev
2020-09-18 10:48 ` Dmitry V. Levin
2020-09-18 10:54 ` Andrey Savchenko
2020-09-18 11:33 ` Dmitry V. Levin
2020-09-18 12:24 ` Arseny Maslennikov
2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] server.conf Arseny Maslennikov
2020-09-18 10:50 ` Dmitry V. Levin
2020-09-18 10:57 ` Arseny Maslennikov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files Alex Gladkov
2020-06-17 22:31 ` Mikhail Novosyolov
2020-06-17 22:38 ` Mikhail Novosyolov
2020-06-17 22:50 ` Alexey Gladkov
2020-06-17 22:43 ` Alexey Gladkov
2020-06-17 22:53 ` Mikhail Novosyolov
2020-09-17 13:10 ` Arseny Maslennikov
2020-10-01 17:25 ` Alexey Gladkov
2020-10-01 17:50 ` Arseny Maslennikov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 3/3] Add cgroup support Alex Gladkov
2020-09-17 13:11 ` Arseny Maslennikov
2020-10-01 19:17 ` Alexey Gladkov
2020-10-01 20:23 ` Arseny Maslennikov
2020-10-02 0:42 ` Alexey Gladkov
2020-10-02 11:46 ` Arseny Maslennikov
2020-10-02 12:58 ` Alexey Gladkov
2019-12-15 8:50 ` [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv Alexey Tourbin
2019-12-15 23:33 ` Andrey Savchenko
2019-12-16 9:35 ` Dmitry V. Levin
2019-12-29 11:03 ` Alexey Tourbin
2020-03-16 10:34 ` Alexey Gladkov
2020-06-17 22:01 ` Alexey Gladkov
2020-09-17 13:09 ` Arseny Maslennikov
2020-10-01 17:21 ` Alexey Gladkov
2020-10-01 17:44 ` Arseny Maslennikov
2020-10-01 20:01 ` Alexey Gladkov
2020-10-01 21:53 ` Arseny Maslennikov
2020-10-01 23:55 ` Alexey Gladkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200917131013.GB286846@cello \
--to=ar@cs.msu.ru \
--cc=devel@lists.altlinux.org \
--cc=ldv@altlinux.org \
--cc=legion@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git