ALT Linux Team development discussions
 help / color / mirror / Atom feed
* [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
@ 2019-12-13 11:42 Alex Gladkov
  2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 1/3] " Alex Gladkov
                   ` (6 more replies)
  0 siblings, 7 replies; 52+ messages in thread
From: Alex Gladkov @ 2019-12-13 11:42 UTC (permalink / raw)
  To: ldv; +Cc: devel

From: Alexey Gladkov <legion@altlinux.org>

The hasher-priv is a SUID utility. This is not good. Separation of the
server and client parts will allow us to remove SUID flag.

The separation of server and client is not intended to give clients
access over the network. This separation is only necessary to distinguish
privileges. Only UNIX domain socket is used.

A separate session process is created for each connected user. Each such
process ends after a certain period of inactivity.

Alexey Gladkov (3):
  Make a daemon from the hasher-priv
  Add systemd and sysvinit service files
  Add cgroup support

 hasher-priv/.gitignore            |   1 +
 hasher-priv/DESIGN                | 281 +++++++++++++--------
 hasher-priv/Makefile              |  34 ++-
 hasher-priv/caller.c              |  81 +++---
 hasher-priv/caller_server.c       | 373 ++++++++++++++++++++++++++++
 hasher-priv/caller_task.c         | 217 +++++++++++++++++
 hasher-priv/cgroup.c              | 119 +++++++++
 hasher-priv/cmdline.c             |  27 +-
 hasher-priv/communication.c       | 392 ++++++++++++++++++++++++++++++
 hasher-priv/communication.h       |  77 ++++++
 hasher-priv/config.c              | 148 ++++++++++-
 hasher-priv/epoll.c               |  39 +++
 hasher-priv/epoll.h               |  18 ++
 hasher-priv/hasher-priv.c         |  78 ++++++
 hasher-priv/hasher-privd.c        | 375 ++++++++++++++++++++++++++++
 hasher-priv/hasher-privd.service  |  11 +
 hasher-priv/hasher-privd.sysvinit |  86 +++++++
 hasher-priv/io_log.c              |   2 +-
 hasher-priv/io_x11.c              |   2 +-
 hasher-priv/killuid.c             |   2 +-
 hasher-priv/logging.c             |  64 +++++
 hasher-priv/logging.h             |  55 +++++
 hasher-priv/main.c                |  75 ------
 hasher-priv/pass.c                | 117 ++++++++-
 hasher-priv/pidfile.c             | 128 ++++++++++
 hasher-priv/pidfile.h             |  44 ++++
 hasher-priv/priv.h                |  35 ++-
 hasher-priv/server.conf           |  22 ++
 hasher-priv/sockets.c             | 183 ++++++++++++++
 hasher-priv/sockets.h             |  32 +++
 hasher-priv/x11.c                 |   1 +
 31 files changed, 2872 insertions(+), 247 deletions(-)
 create mode 100644 hasher-priv/caller_server.c
 create mode 100644 hasher-priv/caller_task.c
 create mode 100644 hasher-priv/cgroup.c
 create mode 100644 hasher-priv/communication.c
 create mode 100644 hasher-priv/communication.h
 create mode 100644 hasher-priv/epoll.c
 create mode 100644 hasher-priv/epoll.h
 create mode 100644 hasher-priv/hasher-priv.c
 create mode 100644 hasher-priv/hasher-privd.c
 create mode 100644 hasher-priv/hasher-privd.service
 create mode 100755 hasher-priv/hasher-privd.sysvinit
 create mode 100644 hasher-priv/logging.c
 create mode 100644 hasher-priv/logging.h
 delete mode 100644 hasher-priv/main.c
 create mode 100644 hasher-priv/pidfile.c
 create mode 100644 hasher-priv/pidfile.h
 create mode 100644 hasher-priv/server.conf
 create mode 100644 hasher-priv/sockets.c
 create mode 100644 hasher-priv/sockets.h

-- 
2.24.0



^ permalink raw reply	[flat|nested] 52+ messages in thread

end of thread, other threads:[~2020-10-02 12:58 UTC | newest]

Thread overview: 52+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-13 11:42 [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv Alex Gladkov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 1/3] " Alex Gladkov
2020-09-17 13:10   ` Arseny Maslennikov
2020-10-01 19:43     ` Alexey Gladkov
2020-10-01 21:24       ` Arseny Maslennikov
2020-10-01 23:38         ` Alexey Gladkov
2020-09-17 13:10   ` [devel] [PATCH hasher-priv v1 1/3] *literacy* Arseny Maslennikov
2020-09-17 13:11   ` [devel] [PATCH hasher-priv v1 1/3] caller.c Arseny Maslennikov
2020-09-17 13:55     ` Arseny Maslennikov
2020-09-17 13:11   ` [devel] [PATCH hasher-priv v1 1/3] caller_server.c, caller_task.c Arseny Maslennikov
2020-10-01 19:47     ` Alexey Gladkov
2020-09-17 13:11   ` [devel] [PATCH hasher-priv v1 1/3] config.c Arseny Maslennikov
2020-09-18 10:42     ` Dmitry V. Levin
2020-09-17 13:12   ` [devel] [PATCH hasher-priv v1 1/3] hasher-privd.c Arseny Maslennikov
2020-09-17 13:12   ` [devel] [PATCH hasher-priv v1 1/3] logging.c Arseny Maslennikov
2020-09-17 13:12   ` [devel] [PATCH hasher-priv v1 1/3] Makefile Arseny Maslennikov
2020-09-17 15:09     ` Vladimir D. Seleznev
2020-09-18 10:48     ` Dmitry V. Levin
2020-09-18 10:54       ` Andrey Savchenko
2020-09-18 11:33     ` Dmitry V. Levin
2020-09-18 12:24       ` Arseny Maslennikov
2020-09-17 13:12   ` [devel] [PATCH hasher-priv v1 1/3] server.conf Arseny Maslennikov
2020-09-18 10:50     ` Dmitry V. Levin
2020-09-18 10:57       ` Arseny Maslennikov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files Alex Gladkov
2020-06-17 22:31   ` Mikhail Novosyolov
2020-06-17 22:38     ` Mikhail Novosyolov
2020-06-17 22:50       ` Alexey Gladkov
2020-06-17 22:43     ` Alexey Gladkov
2020-06-17 22:53       ` Mikhail Novosyolov
2020-09-17 13:10   ` Arseny Maslennikov
2020-10-01 17:25     ` Alexey Gladkov
2020-10-01 17:50       ` Arseny Maslennikov
2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 3/3] Add cgroup support Alex Gladkov
2020-09-17 13:11   ` Arseny Maslennikov
2020-10-01 19:17     ` Alexey Gladkov
2020-10-01 20:23       ` Arseny Maslennikov
2020-10-02  0:42         ` Alexey Gladkov
2020-10-02 11:46           ` Arseny Maslennikov
2020-10-02 12:58             ` Alexey Gladkov
2019-12-15  8:50 ` [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv Alexey Tourbin
2019-12-15 23:33   ` Andrey Savchenko
2019-12-16  9:35   ` Dmitry V. Levin
2019-12-29 11:03     ` Alexey Tourbin
2020-03-16 10:34 ` Alexey Gladkov
2020-06-17 22:01 ` Alexey Gladkov
2020-09-17 13:09 ` Arseny Maslennikov
2020-10-01 17:21   ` Alexey Gladkov
2020-10-01 17:44     ` Arseny Maslennikov
2020-10-01 20:01       ` Alexey Gladkov
2020-10-01 21:53         ` Arseny Maslennikov
2020-10-01 23:55           ` Alexey Gladkov

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git