From: Alex Gladkov
To: ldv@altlinux.org
Cc: devel@lists.altlinux.org
Date: Fri, 13 Dec 2019 12:42:02 +0100
Subject: [devel] [PATCH hasher-priv v1 0/3] Make a daemon from the hasher-priv
X-Mailer: git-send-email 2.24.0

From: Alexey Gladkov

The hasher-priv is a SUID utility. This is not good. Separation of the
server and client parts will allow us to remove the SUID flag.

The separation of server and client is not intended to give clients
access over the network. This separation is only necessary to distinguish
privileges. Only a UNIX domain socket is used.

A separate session process is created for each connected user. Each such
process ends after a certain period of inactivity.

Alexey Gladkov (3):
  Make a daemon from the hasher-priv
  Add systemd and sysvinit service files
  Add cgroup support

 hasher-priv/.gitignore            |   1 +
 hasher-priv/DESIGN                | 281 +++++++++++++--------
 hasher-priv/Makefile              |  34 ++-
 hasher-priv/caller.c              |  81 +++---
 hasher-priv/caller_server.c       | 373 ++++++++++++++++++++++++++++
 hasher-priv/caller_task.c         | 217 +++++++++++++++++
 hasher-priv/cgroup.c              | 119 +++++++++
 hasher-priv/cmdline.c             |  27 +-
 hasher-priv/communication.c       | 392 ++++++++++++++++++++++++++++++
 hasher-priv/communication.h       |  77 ++++++
 hasher-priv/config.c              | 148 ++++++++++-
 hasher-priv/epoll.c               |  39 +++
 hasher-priv/epoll.h               |  18 ++
 hasher-priv/hasher-priv.c         |  78 ++++++
 hasher-priv/hasher-privd.c        | 375 ++++++++++++++++++++++++++++
 hasher-priv/hasher-privd.service  |  11 +
 hasher-priv/hasher-privd.sysvinit |  86 +++++++
 hasher-priv/io_log.c              |   2 +-
 hasher-priv/io_x11.c              |   2 +-
 hasher-priv/killuid.c             |   2 +-
 hasher-priv/logging.c             |  64 +++++
 hasher-priv/logging.h             |  55 +++++
 hasher-priv/main.c                |  75 ------
 hasher-priv/pass.c                | 117 ++++++++-
 hasher-priv/pidfile.c             | 128 ++++++++++
 hasher-priv/pidfile.h             |  44 ++++
 hasher-priv/priv.h                |  35 ++-
 hasher-priv/server.conf           |  22 ++
 hasher-priv/sockets.c             | 183 ++++++++++++++
 hasher-priv/sockets.h             |  32 +++
 hasher-priv/x11.c                 |   1 +
 31 files changed, 2872 insertions(+), 247 deletions(-)
 create mode 100644 hasher-priv/caller_server.c
 create mode 100644 hasher-priv/caller_task.c
 create mode 100644 hasher-priv/cgroup.c
 create mode 100644 hasher-priv/communication.c
 create mode 100644 hasher-priv/communication.h
 create mode 100644 hasher-priv/epoll.c
 create mode 100644 hasher-priv/epoll.h
 create mode 100644 hasher-priv/hasher-priv.c
 create mode 100644 hasher-priv/hasher-privd.c
 create mode 100644 hasher-priv/hasher-privd.service
 create mode 100755 hasher-priv/hasher-privd.sysvinit
 create mode 100644 hasher-priv/logging.c
 create mode 100644 hasher-priv/logging.h
 delete mode 100644 hasher-priv/main.c
 create mode 100644 hasher-priv/pidfile.c
 create mode 100644 hasher-priv/pidfile.h
 create mode 100644 hasher-priv/server.conf
 create mode 100644 hasher-priv/sockets.c
 create mode 100644 hasher-priv/sockets.h
-- 
2.24.0