From: Alex Gladkov <legion@altlinux.ru> To: ldv@altlinux.org Cc: devel@lists.altlinux.org Subject: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv Date: Fri, 13 Dec 2019 12:42:02 +0100 Message-ID: <cover.1576183643.git.legion@altlinux.org> (raw) From: Alexey Gladkov <legion@altlinux.org> The hasher-priv is a SUID utility. This is not good. Separation of the server and client parts will allow us to remove SUID flag. The separation of server and client is not intended to give clients access over the network. This separation is only necessary to distinguish privileges. Only UNIX domain socket is used. A separate session process is created for each connected user. Each such process ends after a certain period of inactivity. Alexey Gladkov (3): Make a daemon from the hasher-priv Add systemd and sysvinit service files Add cgroup support hasher-priv/.gitignore | 1 + hasher-priv/DESIGN | 281 +++++++++++++-------- hasher-priv/Makefile | 34 ++- hasher-priv/caller.c | 81 +++--- hasher-priv/caller_server.c | 373 ++++++++++++++++++++++++++++ hasher-priv/caller_task.c | 217 +++++++++++++++++ hasher-priv/cgroup.c | 119 +++++++++ hasher-priv/cmdline.c | 27 +- hasher-priv/communication.c | 392 ++++++++++++++++++++++++++++++ hasher-priv/communication.h | 77 ++++++ hasher-priv/config.c | 148 ++++++++++- hasher-priv/epoll.c | 39 +++ hasher-priv/epoll.h | 18 ++ hasher-priv/hasher-priv.c | 78 ++++++ hasher-priv/hasher-privd.c | 375 ++++++++++++++++++++++++++++ hasher-priv/hasher-privd.service | 11 + hasher-priv/hasher-privd.sysvinit | 86 +++++++ hasher-priv/io_log.c | 2 +- hasher-priv/io_x11.c | 2 +- hasher-priv/killuid.c | 2 +- hasher-priv/logging.c | 64 +++++ hasher-priv/logging.h | 55 +++++ hasher-priv/main.c | 75 ------ hasher-priv/pass.c | 117 ++++++++- hasher-priv/pidfile.c | 128 ++++++++++ hasher-priv/pidfile.h | 44 ++++ hasher-priv/priv.h | 35 ++- hasher-priv/server.conf | 22 ++ hasher-priv/sockets.c | 183 ++++++++++++++ hasher-priv/sockets.h | 32 +++ hasher-priv/x11.c | 1 + 31 files changed, 2872 insertions(+), 247 deletions(-) create mode 100644 hasher-priv/caller_server.c create mode 100644 hasher-priv/caller_task.c create mode 100644 hasher-priv/cgroup.c create mode 100644 hasher-priv/communication.c create mode 100644 hasher-priv/communication.h create mode 100644 hasher-priv/epoll.c create mode 100644 hasher-priv/epoll.h create mode 100644 hasher-priv/hasher-priv.c create mode 100644 hasher-priv/hasher-privd.c create mode 100644 hasher-priv/hasher-privd.service create mode 100755 hasher-priv/hasher-privd.sysvinit create mode 100644 hasher-priv/logging.c create mode 100644 hasher-priv/logging.h delete mode 100644 hasher-priv/main.c create mode 100644 hasher-priv/pidfile.c create mode 100644 hasher-priv/pidfile.h create mode 100644 hasher-priv/server.conf create mode 100644 hasher-priv/sockets.c create mode 100644 hasher-priv/sockets.h -- 2.24.0
next reply other threads:[~2019-12-13 11:42 UTC|newest] Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-12-13 11:42 Alex Gladkov [this message] 2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 1/3] " Alex Gladkov 2020-09-17 13:10 ` Arseny Maslennikov 2020-10-01 19:43 ` Alexey Gladkov 2020-10-01 21:24 ` Arseny Maslennikov 2020-10-01 23:38 ` Alexey Gladkov 2020-09-17 13:10 ` [devel] [PATCH hasher-priv v1 1/3] *literacy* Arseny Maslennikov 2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] caller.c Arseny Maslennikov 2020-09-17 13:55 ` Arseny Maslennikov 2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] caller_server.c, caller_task.c Arseny Maslennikov 2020-10-01 19:47 ` Alexey Gladkov 2020-09-17 13:11 ` [devel] [PATCH hasher-priv v1 1/3] config.c Arseny Maslennikov 2020-09-18 10:42 ` Dmitry V. Levin 2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] hasher-privd.c Arseny Maslennikov 2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] logging.c Arseny Maslennikov 2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] Makefile Arseny Maslennikov 2020-09-17 15:09 ` Vladimir D. Seleznev 2020-09-18 10:48 ` Dmitry V. Levin 2020-09-18 10:54 ` Andrey Savchenko 2020-09-18 11:33 ` Dmitry V. Levin 2020-09-18 12:24 ` Arseny Maslennikov 2020-09-17 13:12 ` [devel] [PATCH hasher-priv v1 1/3] server.conf Arseny Maslennikov 2020-09-18 10:50 ` Dmitry V. Levin 2020-09-18 10:57 ` Arseny Maslennikov 2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 2/3] Add systemd and sysvinit service files Alex Gladkov 2020-06-17 22:31 ` Mikhail Novosyolov 2020-06-17 22:38 ` Mikhail Novosyolov 2020-06-17 22:50 ` Alexey Gladkov 2020-06-17 22:43 ` Alexey Gladkov 2020-06-17 22:53 ` Mikhail Novosyolov 2020-09-17 13:10 ` Arseny Maslennikov 2020-10-01 17:25 ` Alexey Gladkov 2020-10-01 17:50 ` Arseny Maslennikov 2019-12-13 11:42 ` [devel] [PATCH hasher-priv v1 3/3] Add cgroup support Alex Gladkov 2020-09-17 13:11 ` Arseny Maslennikov 2020-10-01 19:17 ` Alexey Gladkov 2020-10-01 20:23 ` Arseny Maslennikov 2020-10-02 0:42 ` Alexey Gladkov 2020-10-02 11:46 ` Arseny Maslennikov 2020-10-02 12:58 ` Alexey Gladkov 2019-12-15 8:50 ` [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv Alexey Tourbin 2019-12-15 23:33 ` Andrey Savchenko 2019-12-16 9:35 ` Dmitry V. Levin 2019-12-29 11:03 ` Alexey Tourbin 2020-03-16 10:34 ` Alexey Gladkov 2020-06-17 22:01 ` Alexey Gladkov 2020-09-17 13:09 ` Arseny Maslennikov 2020-10-01 17:21 ` Alexey Gladkov 2020-10-01 17:44 ` Arseny Maslennikov 2020-10-01 20:01 ` Alexey Gladkov 2020-10-01 21:53 ` Arseny Maslennikov 2020-10-01 23:55 ` Alexey Gladkov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=cover.1576183643.git.legion@altlinux.org \ --to=legion@altlinux.ru \ --cc=devel@lists.altlinux.org \ --cc=ldv@altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Team development discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \ devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru public-inbox-index devel Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.devel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git