* [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alex Gladkov @ 2019-12-13 11:42 UTC

* [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
From: Alex Gladkov @ 2019-12-13 11:42 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
From: Arseny Maslennikov @ 2020-09-17 13:10 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-10-01 19:43 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
From: Arseny Maslennikov @ 2020-10-01 21:24 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-10-01 23:38 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] *literacy*
From: Arseny Maslennikov @ 2020-09-17 13:10 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] caller.c
From: Arseny Maslennikov @ 2020-09-17 13:11 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] caller.c
From: Arseny Maslennikov @ 2020-09-17 13:55 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] caller_server.c, caller_task.c
From: Arseny Maslennikov @ 2020-09-17 13:11 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] caller_server.c, caller_task.c
From: Alexey Gladkov @ 2020-10-01 19:47 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] config.c
From: Arseny Maslennikov @ 2020-09-17 13:11 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] config.c
From: Dmitry V. Levin @ 2020-09-18 10:42 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] hasher-privd.c
From: Arseny Maslennikov @ 2020-09-17 13:12 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] logging.c
From: Arseny Maslennikov @ 2020-09-17 13:12 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Makefile
From: Arseny Maslennikov @ 2020-09-17 13:12 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Makefile
From: Vladimir D. Seleznev @ 2020-09-17 15:09 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Makefile
From: Dmitry V. Levin @ 2020-09-18 10:48 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Makefile
From: Andrey Savchenko @ 2020-09-18 10:54 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Makefile
From: Dmitry V. Levin @ 2020-09-18 11:33 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] Makefile
From: Arseny Maslennikov @ 2020-09-18 12:24 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] server.conf
From: Arseny Maslennikov @ 2020-09-17 13:12 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] server.conf
From: Dmitry V. Levin @ 2020-09-18 10:50 UTC

* Re: [devel] [PATCH hasher-priv v1 1/3] server.conf
From: Arseny Maslennikov @ 2020-09-18 10:57 UTC

* [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Alex Gladkov @ 2019-12-13 11:42 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Mikhail Novosyolov @ 2020-06-17 22:31 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Mikhail Novosyolov @ 2020-06-17 22:38 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Alexey Gladkov @ 2020-06-17 22:50 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Alexey Gladkov @ 2020-06-17 22:43 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Mikhail Novosyolov @ 2020-06-17 22:53 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Arseny Maslennikov @ 2020-09-17 13:10 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Alexey Gladkov @ 2020-10-01 17:25 UTC

* Re: [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files
From: Arseny Maslennikov @ 2020-10-01 17:50 UTC

* [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Alex Gladkov @ 2019-12-13 11:42 UTC

* Re: [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Arseny Maslennikov @ 2020-09-17 13:11 UTC

* Re: [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Alexey Gladkov @ 2020-10-01 19:17 UTC

* Re: [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Arseny Maslennikov @ 2020-10-01 20:23 UTC

* Re: [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Alexey Gladkov @ 2020-10-02 0:42 UTC

* Re: [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Arseny Maslennikov @ 2020-10-02 11:46 UTC

* Re: [devel] [PATCH hasher-priv v1 3/3] Add cgroup support
From: Alexey Gladkov @ 2020-10-02 12:58 UTC

* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Tourbin @ 2019-12-15 8:50 UTC

* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Andrey Savchenko @ 2019-12-15 23:33 UTC
To: ALT Linux Team development discussions

On Sun, 15 Dec 2019 11:50:13 +0300 Alexey Tourbin wrote:
> On Fri, Dec 13, 2019 at 2:42 PM Alex Gladkov <legion@altlinux.ru> wrote:
> > The hasher-priv is a SUID utility. This is not good. Separation of the
> > server and client parts will allow us to remove SUID flag.
>
> Removing the SUID flag shouldn't be an end in itself. You're still
> running a process with root privileges which serves user requests.
> It's the same, except that instead of the SUID flag, the process just
> starts as root. So you are not improving privilege separation or
> something, you are only limiting the ability of the user to tamper
> with the SUID binary. And tampering with the binary should be
> pointless anyway (unless glibc is faulty and permits arbitrary code
> injection, etc.).

The code separation for the privileged and the unprivileged processes
allows reducing the attack surface when implemented properly.
Furthermore it should be possible to replace the SUID by the Linux
capabilities in future — so the code/process separation makes even more
sense here as it will lead to a smaller number of capabilities required.

I have not reviewed this code yet, but I like the idea.

Best regards,
Andrew Savchenko

* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Dmitry V. Levin @ 2019-12-16 9:35 UTC
To: ALT Devel discussion list

On Sun, Dec 15, 2019 at 11:50:13AM +0300, Alexey Tourbin wrote:
> On Fri, Dec 13, 2019 at 2:42 PM Alex Gladkov <legion@altlinux.ru> wrote:
> > The hasher-priv is a SUID utility. This is not good. Separation of the
> > server and client parts will allow us to remove SUID flag.
>
> Removing the SUID flag shouldn't be an end in itself. You're still
> running a process with root privileges which serves user requests.
> It's the same, except that instead of the SUID flag, the process just
> starts as root. So you are not improving privilege separation or
> something, you are only limiting the ability of the user to tamper
> with the SUID binary. And tampering with the binary should be
> pointless anyway (unless glibc is faulty and permits arbitrary code
> injection, etc.).

While turning a suid root executable into a daemon doesn't automagically
make everything more secure, it's an important move in the right direction.

Firstly, the attack surface of a suid root executable is larger than
of the equivalent root daemon on the other side of a unix domain socket,
so this change narrows the attack surface.

Secondly, this change opens the way for more elaborate privilege separation.

Thirdly, it makes hasher available for PR_SET_NO_NEW_PRIVS'ed
processes (e.g. self-seccomp'ed) that cannot make use of suid executables.

-- 
ldv

* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Tourbin @ 2019-12-29 11:03 UTC
To: ALT Linux Team development discussions

On Mon, Dec 16, 2019 at 12:35 PM Dmitry V. Levin <ldv@altlinux.org> wrote:
> On Sun, Dec 15, 2019 at 11:50:13AM +0300, Alexey Tourbin wrote:
> > On Fri, Dec 13, 2019 at 2:42 PM Alex Gladkov <legion@altlinux.ru> wrote:
> > > The hasher-priv is a SUID utility. This is not good. Separation of the
> > > server and client parts will allow us to remove SUID flag.
> >
> > Removing the SUID flag shouldn't be an end in itself. You're still
> > running a process with root privileges which serves user requests.
> > It's the same, except that instead of the SUID flag, the process just
> > starts as root. So you are not improving privilege separation or
> > something, you are only limiting the ability of the user to tamper
> > with the SUID binary. And tampering with the binary should be
> > pointless anyway (unless glibc is faulty and permits arbitrary code
> > injection, etc.).
>
> While turning a suid root executable into a daemon doesn't automagically
> make everything more secure, it's an important move in the right direction.

Not necessarily. Conversion into a daemon takes more code, which can
have its own faults. Instead of relying on the set-uid mechanism,
you're very likely to end up with a more complex DIY construction.

> Firstly, the attack surface of a suid root executable is larger than
> of the equivalent root daemon on the other side of a unix domain socket,
> so this change narrows the attack surface.

You are casting doubt on the venerable set-uid mechanism. What if it's
faulty? What if the user can tamper with the binary and somehow inject
arbitrary code? Well, you can do nothing about it, and moreover it's
not your problem. (Likewise, if the kernel is faulty and permits
privilege escalation, you can do nothing about it, and the only way
round is to fix the kernel.) Your basic mechanisms must be secure, and
it's doable. The "attack surface" is just a highbrow way of saying
that the dynamic loader should be insensitive to LD_PRELOAD. :)

> Secondly, this change opens the way for more elaborate privilege separation.
>
> Thirdly, it makes hasher available for PR_SET_NO_NEW_PRIVS'ed
> processes (e.g. self-seccomp'ed) that cannot make use of suid executables.

These might be valid arguments. Still, I find it hard to believe it's
really about security. hasher-priv is minimalistic, and its use is
limited to those few machines that need it, some of them booted over
the network. There is no good reason to believe that we might face any
security risks.

* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-03-16 10:34 UTC
To: ldv
Cc: devel

On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> From: Alexey Gladkov <legion@altlinux.org>
>
> The hasher-priv is a SUID utility. This is not good. Separation of the
> server and client parts will allow us to remove SUID flag.
>
> The separation of server and client is not intended to give clients
> access over the network. This separation is only necessary to distinguish
> privileges. Only UNIX domain socket is used.
>
> A separate session process is created for each connected user. Each such
> process ends after a certain period of inactivity.

Gently remind about patches.

> Alexey Gladkov (3):
>   Make a daemon from the hasher-priv
>   Add systemd and sysvinit service files
>   Add cgroup support
>
>  hasher-priv/.gitignore            |   1 +
>  hasher-priv/DESIGN                | 281 +++++++++++++--------
>  hasher-priv/Makefile              |  34 ++-
>  hasher-priv/caller.c              |  81 +++---
>  hasher-priv/caller_server.c       | 373 ++++++++++++++++++++++++++++
>  hasher-priv/caller_task.c         | 217 +++++++++++++++++
>  hasher-priv/cgroup.c              | 119 +++++++++
>  hasher-priv/cmdline.c             |  27 +-
>  hasher-priv/communication.c       | 392 ++++++++++++++++++++++++++++++
>  hasher-priv/communication.h       |  77 ++++++
>  hasher-priv/config.c              | 148 ++++++++++-
>  hasher-priv/epoll.c               |  39 +++
>  hasher-priv/epoll.h               |  18 ++
>  hasher-priv/hasher-priv.c         |  78 ++++++
>  hasher-priv/hasher-privd.c        | 375 ++++++++++++++++++++++++++++
>  hasher-priv/hasher-privd.service  |  11 +
>  hasher-priv/hasher-privd.sysvinit |  86 +++++++
>  hasher-priv/io_log.c              |   2 +-
>  hasher-priv/io_x11.c              |   2 +-
>  hasher-priv/killuid.c             |   2 +-
>  hasher-priv/logging.c             |  64 +++++
>  hasher-priv/logging.h             |  55 +++++
>  hasher-priv/main.c                |  75 ------
>  hasher-priv/pass.c                | 117 ++++++++-
>  hasher-priv/pidfile.c             | 128 ++++++++++
>  hasher-priv/pidfile.h             |  44 ++++
>  hasher-priv/priv.h                |  35 ++-
>  hasher-priv/server.conf           |  22 ++
>  hasher-priv/sockets.c             | 183 ++++++++++++++
>  hasher-priv/sockets.h             |  32 +++
>  hasher-priv/x11.c                 |   1 +
>  31 files changed, 2872 insertions(+), 247 deletions(-)
>  create mode 100644 hasher-priv/caller_server.c
>  create mode 100644 hasher-priv/caller_task.c
>  create mode 100644 hasher-priv/cgroup.c
>  create mode 100644 hasher-priv/communication.c
>  create mode 100644 hasher-priv/communication.h
>  create mode 100644 hasher-priv/epoll.c
>  create mode 100644 hasher-priv/epoll.h
>  create mode 100644 hasher-priv/hasher-priv.c
>  create mode 100644 hasher-priv/hasher-privd.c
>  create mode 100644 hasher-priv/hasher-privd.service
>  create mode 100755 hasher-priv/hasher-privd.sysvinit
>  create mode 100644 hasher-priv/logging.c
>  create mode 100644 hasher-priv/logging.h
>  delete mode 100644 hasher-priv/main.c
>  create mode 100644 hasher-priv/pidfile.c
>  create mode 100644 hasher-priv/pidfile.h
>  create mode 100644 hasher-priv/server.conf
>  create mode 100644 hasher-priv/sockets.c
>  create mode 100644 hasher-priv/sockets.h
>
> --
> 2.24.0

-- 
Rgrds, legion

* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-06-17 22:01 UTC
To: ALT Linux Team development discussions
Cc: ldv

On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> From: Alexey Gladkov <legion@altlinux.org>

ping

> The hasher-priv is a SUID utility. This is not good. Separation of the
> server and client parts will allow us to remove SUID flag.
>
> The separation of server and client is not intended to give clients
> access over the network. This separation is only necessary to distinguish
> privileges. Only UNIX domain socket is used.
>
> A separate session process is created for each connected user. Each such
> process ends after a certain period of inactivity.
>
> Alexey Gladkov (3):
>   Make a daemon from the hasher-priv
>   Add systemd and sysvinit service files
>   Add cgroup support
>
>  hasher-priv/.gitignore            |   1 +
>  hasher-priv/DESIGN                | 281 +++++++++++++--------
>  hasher-priv/Makefile              |  34 ++-
>  hasher-priv/caller.c              |  81 +++---
>  hasher-priv/caller_server.c       | 373 ++++++++++++++++++++++++++++
>  hasher-priv/caller_task.c         | 217 +++++++++++++++++
>  hasher-priv/cgroup.c              | 119 +++++++++
>  hasher-priv/cmdline.c             |  27 +-
>  hasher-priv/communication.c       | 392 ++++++++++++++++++++++++++++++
>  hasher-priv/communication.h       |  77 ++++++
>  hasher-priv/config.c              | 148 ++++++++++-
>  hasher-priv/epoll.c               |  39 +++
>  hasher-priv/epoll.h               |  18 ++
>  hasher-priv/hasher-priv.c         |  78 ++++++
>  hasher-priv/hasher-privd.c        | 375 ++++++++++++++++++++++++++++
>  hasher-priv/hasher-privd.service  |  11 +
>  hasher-priv/hasher-privd.sysvinit |  86 +++++++
>  hasher-priv/io_log.c              |   2 +-
>  hasher-priv/io_x11.c              |   2 +-
>  hasher-priv/killuid.c             |   2 +-
>  hasher-priv/logging.c             |  64 +++++
>  hasher-priv/logging.h             |  55 +++++
>  hasher-priv/main.c                |  75 ------
>  hasher-priv/pass.c                | 117 ++++++++-
>  hasher-priv/pidfile.c             | 128 ++++++++++
>  hasher-priv/pidfile.h             |  44 ++++
>  hasher-priv/priv.h                |  35 ++-
>  hasher-priv/server.conf           |  22 ++
>  hasher-priv/sockets.c             | 183 ++++++++++++++
>  hasher-priv/sockets.h             |  32 +++
>  hasher-priv/x11.c                 |   1 +
>  31 files changed, 2872 insertions(+), 247 deletions(-)
>  create mode 100644 hasher-priv/caller_server.c
>  create mode 100644 hasher-priv/caller_task.c
>  create mode 100644 hasher-priv/cgroup.c
>  create mode 100644 hasher-priv/communication.c
>  create mode 100644 hasher-priv/communication.h
>  create mode 100644 hasher-priv/epoll.c
>  create mode 100644 hasher-priv/epoll.h
>  create mode 100644 hasher-priv/hasher-priv.c
>  create mode 100644 hasher-priv/hasher-privd.c
>  create mode 100644 hasher-priv/hasher-privd.service
>  create mode 100755 hasher-priv/hasher-privd.sysvinit
>  create mode 100644 hasher-priv/logging.c
>  create mode 100644 hasher-priv/logging.h
>  delete mode 100644 hasher-priv/main.c
>  create mode 100644 hasher-priv/pidfile.c
>  create mode 100644 hasher-priv/pidfile.h
>  create mode 100644 hasher-priv/server.conf
>  create mode 100644 hasher-priv/sockets.c
>  create mode 100644 hasher-priv/sockets.h
>
> --
> 2.24.0
>
> _______________________________________________
> Devel mailing list
> Devel@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel

-- 
Rgrds, legion
* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Arseny Maslennikov @ 2020-09-17 13:09 UTC
To: Alex Gladkov, devel; +Cc: ldv

On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> From: Alexey Gladkov <legion@altlinux.org>
>
> The hasher-priv is a SUID utility. This is not good. Separation of the
> server and client parts will allow us to remove SUID flag.
>
> The separation of server and client is not intended to give clients
> access over the network. This separation is only necessary to distinguish
> privileges. Only UNIX domain socket is used.
>
> A separate session process is created for each connected user. Each such
> process ends after a certain period of inactivity.

Thank you for trying this idea out; despite the trolling attempts, this
effort is long welcome.

There are some issues with the patchset, which I intend to cover in
subsequent emails. I have published[1] some fix-up commits on top of
these patches in an attempt to ensure that, barring the issues with a
known fix, this works; however, some bugs are definitely still unsolved
by now, so I decided to discuss the more apparent points first.

[1] http://git.altlinux.org/people/arseny/packages/hasher-priv.git?a=summary

There's an issue when hasher-privd tries to fulfill a chrootuid{1,2}
request: the (eventually) unprivileged task executor process
successfully invokes waitpid() or the likes on a child process,
select()s on I/O descriptors, but gets CHLD later — and it looks like
the inherited signal handler causes it to wait again.
I've not yet found a decent reproducer — the following command:
`hsh-shell $workdir'
reproduces the issue reliably for me, but hsh-mkchroot, hsh-rmchroot,
hsh-install are all OK. The root cause nevertheless is not yet
established. It looks like this has to be patched somewhere in
chrootuid(), but I might be wrong on this one.

>
> Alexey Gladkov (3):
>   Make a daemon from the hasher-priv
>   Add systemd and sysvinit service files
>   Add cgroup support
>
> hasher-priv/.gitignore            |   1 +
> hasher-priv/DESIGN                | 281 +++++++++++++---------
> hasher-priv/Makefile              |  34 ++-
> hasher-priv/caller.c              |  81 +++---
> hasher-priv/caller_server.c       | 373 ++++++++++++++++++++++++++++
> hasher-priv/caller_task.c         | 217 +++++++++++++++++
> hasher-priv/cgroup.c              | 119 +++++++++
> hasher-priv/cmdline.c             |  27 +-
> hasher-priv/communication.c       | 392 ++++++++++++++++++++++++++++++
> hasher-priv/communication.h       |  77 ++++++
> hasher-priv/config.c              | 148 ++++++++++-
> hasher-priv/epoll.c               |  39 +++
> hasher-priv/epoll.h               |  18 ++
> hasher-priv/hasher-priv.c         |  78 ++++++
> hasher-priv/hasher-privd.c        | 375 ++++++++++++++++++++++++++++
> hasher-priv/hasher-privd.service  |  11 +
> hasher-priv/hasher-privd.sysvinit |  86 +++++++
> hasher-priv/io_log.c              |   2 +-
> hasher-priv/io_x11.c              |   2 +-
> hasher-priv/killuid.c             |   2 +-
> hasher-priv/logging.c             |  64 +++++
> hasher-priv/logging.h             |  55 +++++
> hasher-priv/main.c                |  75 ------
> hasher-priv/pass.c                | 117 ++++++++-
> hasher-priv/pidfile.c             | 128 ++++++++++
> hasher-priv/pidfile.h             |  44 ++++
> hasher-priv/priv.h                |  35 ++-
> hasher-priv/server.conf           |  22 ++
> hasher-priv/sockets.c             | 183 ++++++++++++++
> hasher-priv/sockets.h             |  32 +++
> hasher-priv/x11.c                 |   1 +
> 31 files changed, 2872 insertions(+), 247 deletions(-)
> create mode 100644 hasher-priv/caller_server.c
> create mode 100644 hasher-priv/caller_task.c
> create mode 100644 hasher-priv/cgroup.c
> create mode 100644 hasher-priv/communication.c
> create mode 100644 hasher-priv/communication.h
> create mode 100644 hasher-priv/epoll.c
> create mode 100644 hasher-priv/epoll.h
> create mode 100644 hasher-priv/hasher-priv.c
> create mode 100644 hasher-priv/hasher-privd.c
> create mode 100644 hasher-priv/hasher-privd.service
> create mode 100755 hasher-priv/hasher-privd.sysvinit
> create mode 100644 hasher-priv/logging.c
> create mode 100644 hasher-priv/logging.h
> delete mode 100644 hasher-priv/main.c
> create mode 100644 hasher-priv/pidfile.c
> create mode 100644 hasher-priv/pidfile.h
> create mode 100644 hasher-priv/server.conf
> create mode 100644 hasher-priv/sockets.c
> create mode 100644 hasher-priv/sockets.h
>
* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-10-01 17:21 UTC
To: Arseny Maslennikov; +Cc: devel, ldv

On Thu, Sep 17, 2020 at 04:09:35PM +0300, Arseny Maslennikov wrote:
> On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> > From: Alexey Gladkov <legion@altlinux.org>
> >
> > The hasher-priv is a SUID utility. This is not good. Separation of the
> > server and client parts will allow us to remove SUID flag.
> >
> > The separation of server and client is not intended to give clients
> > access over the network. This separation is only necessary to distinguish
> > privileges. Only UNIX domain socket is used.
> >
> > A separate session process is created for each connected user. Each such
> > process ends after a certain period of inactivity.
>
> Thank you for trying this idea out; despite the trolling attempts, this
> effort is long welcome.

I created this patchset a long time ago. I've already lost my context. It
might be better if you keep working on this patch.

> There are some issues with the patchset, which I intend to cover in
> subsequent emails. I have published[1] some fix-up commits on top of
> these patches in an attempt to ensure that, barring the issues with a
> known fix, this works; however, some bugs are definitely still unsolved
> by now, so I decided to discuss the more apparent points first.
>
> [1] http://git.altlinux.org/people/arseny/packages/hasher-priv.git?a=summary

It looks like you've already started working on finalizing this patch :)

> There's an issue when hasher-privd tries to fulfill a chrootuid{1,2}
> request: the (eventually) unprivileged task executor process
> successfully invokes waitpid() or the likes on a child process,
> select()s on I/O descriptors, but gets CHLD later — and it looks like
> the inherited signal handler causes it to wait again.

Hm...

> I've not yet found a decent reproducer — the following command:
> `hsh-shell $workdir'

There is no such command. You need to send command to run /bin/sh.

> reproduces the issue reliably for me, but hsh-mkchroot, hsh-rmchroot,
> hsh-install are all OK. The root cause nevertheless is not yet
> established. It looks like this has to be patched somewhere in
> chrootuid(), but I might be wrong on this one.
>
> >
> > Alexey Gladkov (3):
> >   Make a daemon from the hasher-priv
> >   Add systemd and sysvinit service files
> >   Add cgroup support
> >
> > hasher-priv/.gitignore            |   1 +
> > hasher-priv/DESIGN                | 281 +++++++++++++---------
> > hasher-priv/Makefile              |  34 ++-
> > hasher-priv/caller.c              |  81 +++---
> > hasher-priv/caller_server.c       | 373 ++++++++++++++++++++++++++++
> > hasher-priv/caller_task.c         | 217 +++++++++++++++++
> > hasher-priv/cgroup.c              | 119 +++++++++
> > hasher-priv/cmdline.c             |  27 +-
> > hasher-priv/communication.c       | 392 ++++++++++++++++++++++++++++++
> > hasher-priv/communication.h       |  77 ++++++
> > hasher-priv/config.c              | 148 ++++++++++-
> > hasher-priv/epoll.c               |  39 +++
> > hasher-priv/epoll.h               |  18 ++
> > hasher-priv/hasher-priv.c         |  78 ++++++
> > hasher-priv/hasher-privd.c        | 375 ++++++++++++++++++++++++++++
> > hasher-priv/hasher-privd.service  |  11 +
> > hasher-priv/hasher-privd.sysvinit |  86 +++++++
> > hasher-priv/io_log.c              |   2 +-
> > hasher-priv/io_x11.c              |   2 +-
> > hasher-priv/killuid.c             |   2 +-
> > hasher-priv/logging.c             |  64 +++++
> > hasher-priv/logging.h             |  55 +++++
> > hasher-priv/main.c                |  75 ------
> > hasher-priv/pass.c                | 117 ++++++++-
> > hasher-priv/pidfile.c             | 128 ++++++++++
> > hasher-priv/pidfile.h             |  44 ++++
> > hasher-priv/priv.h                |  35 ++-
> > hasher-priv/server.conf           |  22 ++
> > hasher-priv/sockets.c             | 183 ++++++++++++++
> > hasher-priv/sockets.h             |  32 +++
> > hasher-priv/x11.c                 |   1 +
> > 31 files changed, 2872 insertions(+), 247 deletions(-)
> > create mode 100644 hasher-priv/caller_server.c
> > create mode 100644 hasher-priv/caller_task.c
> > create mode 100644 hasher-priv/cgroup.c
> > create mode 100644 hasher-priv/communication.c
> > create mode 100644 hasher-priv/communication.h
> > create mode 100644 hasher-priv/epoll.c
> > create mode 100644 hasher-priv/epoll.h
> > create mode 100644 hasher-priv/hasher-priv.c
> > create mode 100644 hasher-priv/hasher-privd.c
> > create mode 100644 hasher-priv/hasher-privd.service
> > create mode 100755 hasher-priv/hasher-privd.sysvinit
> > create mode 100644 hasher-priv/logging.c
> > create mode 100644 hasher-priv/logging.h
> > delete mode 100644 hasher-priv/main.c
> > create mode 100644 hasher-priv/pidfile.c
> > create mode 100644 hasher-priv/pidfile.h
> > create mode 100644 hasher-priv/server.conf
> > create mode 100644 hasher-priv/sockets.c
> > create mode 100644 hasher-priv/sockets.h
> >

--
Rgrds, legion
* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Arseny Maslennikov @ 2020-10-01 17:44 UTC
To: Alexey Gladkov; +Cc: devel, ldv

On Thu, Oct 01, 2020 at 07:21:11PM +0200, Alexey Gladkov wrote:
> On Thu, Sep 17, 2020 at 04:09:35PM +0300, Arseny Maslennikov wrote:
> > On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> > > From: Alexey Gladkov <legion@altlinux.org>
> > >
> > > The hasher-priv is a SUID utility. This is not good. Separation of the
> > > server and client parts will allow us to remove SUID flag.
> > >
> > > The separation of server and client is not intended to give clients
> > > access over the network. This separation is only necessary to distinguish
> > > privileges. Only UNIX domain socket is used.
> > >
> > > A separate session process is created for each connected user. Each such
> > > process ends after a certain period of inactivity.
> >
> > Thank you for trying this idea out; despite the trolling attempts, this
> > effort is long welcome.
>
> I created this patchset a long time ago. I've already lost my context. It
> might be better if you keep working on this patch.
>

Great! I'd like to work on this further.

> > There are some issues with the patchset, which I intend to cover in
> > subsequent emails. I have published[1] some fix-up commits on top of
> > these patches in an attempt to ensure that, barring the issues with a
> > known fix, this works; however, some bugs are definitely still unsolved
> > by now, so I decided to discuss the more apparent points first.
> >
> > [1] http://git.altlinux.org/people/arseny/packages/hasher-priv.git?a=summary
>
> It looks like you've already started working on finalizing this patch :)
>
> > There's an issue when hasher-privd tries to fulfill a chrootuid{1,2}
> > request: the (eventually) unprivileged task executor process
> > successfully invokes waitpid() or the likes on a child process,
> > select()s on I/O descriptors, but gets CHLD later — and it looks like
> > the inherited signal handler causes it to wait again.
>
> Hm...
>
> > I've not yet found a decent reproducer — the following command:
> > `hsh-shell $workdir'
>
> There is no such command. You need to send command to run /bin/sh.

Yes, there's no such IPC command, I was referring to a shell command run
in the host system by the caller user.

>
> > reproduces the issue reliably for me, but hsh-mkchroot, hsh-rmchroot,
> > hsh-install are all OK. The root cause nevertheless is not yet
> > established. It looks like this has to be patched somewhere in
> > chrootuid(), but I might be wrong on this one.
> >
* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-10-01 20:01 UTC
To: Arseny Maslennikov; +Cc: devel, ldv

On Thu, Oct 01, 2020 at 08:44:00PM +0300, Arseny Maslennikov wrote:
> On Thu, Oct 01, 2020 at 07:21:11PM +0200, Alexey Gladkov wrote:
> > On Thu, Sep 17, 2020 at 04:09:35PM +0300, Arseny Maslennikov wrote:
> > > On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> > > > From: Alexey Gladkov <legion@altlinux.org>
> > > >
> > > > The hasher-priv is a SUID utility. This is not good. Separation of the
> > > > server and client parts will allow us to remove SUID flag.
> > > >
> > > > The separation of server and client is not intended to give clients
> > > > access over the network. This separation is only necessary to distinguish
> > > > privileges. Only UNIX domain socket is used.
> > > >
> > > > A separate session process is created for each connected user. Each such
> > > > process ends after a certain period of inactivity.
> > >
> > > Thank you for trying this idea out; despite the trolling attempts, this
> > > effort is long welcome.
> >
> > I created this patchset a long time ago. I've already lost my context. It
> > might be better if you keep working on this patch.
> > >
> Great! I'd like to work on this further.

You have asked many questions. I didn’t answer everything because these
patches are already 5 years old and I can hardly remember what I had in my
head when I did them. Submitting patches to the mailing list was the
second attempt to upstream them. Actually, I was afraid of losing them
altogether, so I merged some of the patches. Originally I had about 10
patches in a patchset.

I'm not sure if I have time for this rework. But we can try. We can
discuss the hasher-privd in Russian if you like :)

> > > There are some issues with the patchset, which I intend to cover in
> > > subsequent emails. I have published[1] some fix-up commits on top of
> > > these patches in an attempt to ensure that, barring the issues with a
> > > known fix, this works; however, some bugs are definitely still unsolved
> > > by now, so I decided to discuss the more apparent points first.
> > >
> > > [1] http://git.altlinux.org/people/arseny/packages/hasher-priv.git?a=summary
> >
> > It looks like you've already started working on finalizing this patch :)
> >
> > > There's an issue when hasher-privd tries to fulfill a chrootuid{1,2}
> > > request: the (eventually) unprivileged task executor process
> > > successfully invokes waitpid() or the likes on a child process,
> > > select()s on I/O descriptors, but gets CHLD later — and it looks like
> > > the inherited signal handler causes it to wait again.
> >
> > Hm...
> >
> > > I've not yet found a decent reproducer — the following command:
> > > `hsh-shell $workdir'
> >
> > There is no such command. You need to send command to run /bin/sh.
>
> Yes, there's no such IPC command, I was referring to a shell command run
> in the host system by the caller user.
> >
> > > reproduces the issue reliably for me, but hsh-mkchroot, hsh-rmchroot,
> > > hsh-install are all OK. The root cause nevertheless is not yet
> > > established. It looks like this has to be patched somewhere in
> > > chrootuid(), but I might be wrong on this one.
> > >

--
Rgrds, legion
* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Arseny Maslennikov @ 2020-10-01 21:53 UTC
To: ALT Linux Team development discussions; +Cc: ldv

On Thu, Oct 01, 2020 at 10:01:29PM +0200, Alexey Gladkov wrote:
> On Thu, Oct 01, 2020 at 08:44:00PM +0300, Arseny Maslennikov wrote:
> > On Thu, Oct 01, 2020 at 07:21:11PM +0200, Alexey Gladkov wrote:
> > > On Thu, Sep 17, 2020 at 04:09:35PM +0300, Arseny Maslennikov wrote:
> > > > On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> > > > > From: Alexey Gladkov <legion@altlinux.org>
> > > > >
> > > > > The hasher-priv is a SUID utility. This is not good. Separation of the
> > > > > server and client parts will allow us to remove SUID flag.
> > > > >
> > > > > The separation of server and client is not intended to give clients
> > > > > access over the network. This separation is only necessary to distinguish
> > > > > privileges. Only UNIX domain socket is used.
> > > > >
> > > > > A separate session process is created for each connected user. Each such
> > > > > process ends after a certain period of inactivity.
> > > >
> > > > Thank you for trying this idea out; despite the trolling attempts, this
> > > > effort is long welcome.
> > >
> > > I created this patchset a long time ago. I've already lost my context. It
> > > might be better if you keep working on this patch.
> > > >
> > Great! I'd like to work on this further.
>
> You have asked many questions. I didn’t answer everything because these
> patches are already 5 years old and I can hardly remember what I had in my
> head when I did them. Submitting patches to the mailing list was the
> second attempt to upstream them. Actually, I was afraid of losing them
> altogether, so I merged some of the patches. Originally I had about 10
> patches in a patchset.
>
> I'm not sure if I have time for this rework. But we can try.

So, I guess you won't mind if I would prepare a v2 which fixes some of
the issues discussed, based on my repo. We're in no hurry, since Dmitry
is currently away for the next couple of weeks.

> We can
> discuss the hasher-privd in Russian if you like :)

I'm personally fine with both English and Russian; looks like you're too.
The remaining concerns are:
* if everyone else interested can respond and continue the conversation
* if the community around hasher ever goes international.

I responded in English, since the patch messages were in English, and in
that case I usually take the (nowadays rare with covid) opportunity to
practice. If what I'm replying to is written in Russian, then the reply
should probably be in Russian too.
If you ever feel that Russian would be better, feel free to switch to Russian.
And sometimes you write something in Russian in some
professional/technical conversation, and the message turns out to contain so many
untranslatable terms and proper names that you would have been better off writing in English. :)

>
> > > > There are some issues with the patchset, which I intend to cover in
> > > > subsequent emails. I have published[1] some fix-up commits on top of
> > > > these patches in an attempt to ensure that, barring the issues with a
> > > > known fix, this works; however, some bugs are definitely still unsolved
> > > > by now, so I decided to discuss the more apparent points first.
> > > >
> > > > [1] http://git.altlinux.org/people/arseny/packages/hasher-priv.git?a=summary
> > >
> > > It looks like you've already started working on finalizing this patch :)
> > >
> > > > There's an issue when hasher-privd tries to fulfill a chrootuid{1,2}
> > > > request: the (eventually) unprivileged task executor process
> > > > successfully invokes waitpid() or the likes on a child process,
> > > > select()s on I/O descriptors, but gets CHLD later — and it looks like
> > > > the inherited signal handler causes it to wait again.
> > >
> > > Hm...
> > >
> > > > I've not yet found a decent reproducer — the following command:
> > > > `hsh-shell $workdir'
> > >
> > > There is no such command. You need to send command to run /bin/sh.
> >
> > Yes, there's no such IPC command, I was referring to a shell command run
> > in the host system by the caller user.
> > >
> > > > reproduces the issue reliably for me, but hsh-mkchroot, hsh-rmchroot,
> > > > hsh-install are all OK. The root cause nevertheless is not yet
> > > > established. It looks like this has to be patched somewhere in
> > > > chrootuid(), but I might be wrong on this one.
> > > >
> >
>
> --
> Rgrds, legion
>
> _______________________________________________
> Devel mailing list
> Devel@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel
* Re: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
From: Alexey Gladkov @ 2020-10-01 23:55 UTC
To: ALT Linux Team development discussions; +Cc: ldv

On Fri, Oct 02, 2020 at 12:53:45AM +0300, Arseny Maslennikov wrote:
> On Thu, Oct 01, 2020 at 10:01:29PM +0200, Alexey Gladkov wrote:
> > On Thu, Oct 01, 2020 at 08:44:00PM +0300, Arseny Maslennikov wrote:
> > > On Thu, Oct 01, 2020 at 07:21:11PM +0200, Alexey Gladkov wrote:
> > > > On Thu, Sep 17, 2020 at 04:09:35PM +0300, Arseny Maslennikov wrote:
> > > > > On Fri, Dec 13, 2019 at 12:42:02PM +0100, Alex Gladkov wrote:
> > > > > > From: Alexey Gladkov <legion@altlinux.org>
> > > > > >
> > > > > > The hasher-priv is a SUID utility. This is not good. Separation of the
> > > > > > server and client parts will allow us to remove SUID flag.
> > > > > >
> > > > > > The separation of server and client is not intended to give clients
> > > > > > access over the network. This separation is only necessary to distinguish
> > > > > > privileges. Only UNIX domain socket is used.
> > > > > >
> > > > > > A separate session process is created for each connected user. Each such
> > > > > > process ends after a certain period of inactivity.
> > > > >
> > > > > Thank you for trying this idea out; despite the trolling attempts, this
> > > > > effort is long welcome.
> > > >
> > > > I created this patchset a long time ago. I've already lost my context. It
> > > > might be better if you keep working on this patch.
> > > > >
> > > Great! I'd like to work on this further.
> >
> > You have asked many questions. I didn’t answer everything because these
> > patches are already 5 years old and I can hardly remember what I had in my
> > head when I did them. Submitting patches to the mailing list was the
> > second attempt to upstream them. Actually, I was afraid of losing them
> > altogether, so I merged some of the patches. Originally I had about 10
> > patches in a patchset.
> >
> > I'm not sure if I have time for this rework. But we can try.
>
> So, I guess you won't mind if I would prepare a v2 which fixes some of
> the issues discussed, based on my repo. We're in no hurry, since Dmitry
> is currently away for the next couple of weeks.

Sure! I have been waiting for a reaction for 5 years. We are definitely in
no hurry :)

> > We can
> > discuss the hasher-privd in Russian if you like :)
>
> I'm personally fine with both English and Russian; looks like you're too.
> The remaining concerns are:
> * if everyone else interested can respond and continue the conversation
> * if the community around hasher ever goes international.

I can hardly imagine a situation that someone who is not Russian speaking
would want to discuss these patches in this mailing list. If that happens
then I'll probably eat my red hat :)

> I responded in English, since the patch messages were in English, and in
> that case I usually take the (nowadays rare with covid) opportunity to
> practice. If what I'm replying to is written in Russian, then the reply
> should probably be in Russian too.

I try to stick to that approach too.

> If you ever feel that Russian would be better, feel free to switch to Russian.

I write English worse and more slowly. It's just that Dima wouldn't have
understood me at all if I had written the commits in Russian :)

> And sometimes you write something in Russian in some
> professional/technical conversation, and the message turns out to contain so many
> untranslatable terms and proper names that you would have been better off writing in English. :)

On the other hand, it's extra Russian practice for me :)

--
Rgrds, legion