This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: [ITP] libsuexec 1.0
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin-apps at cygwin dot com
- Date: Thu, 21 Aug 2014 06:54:43 +0200
- Subject: Re: [ITP] libsuexec 1.0
- Authentication-results: sourceware.org; auth=none
- References: <53EF10B3 dot A1BC4FBE at boland dot nl> <53F100E0 dot CA2D4863 at boland dot nl> <871tsdhfmv dot fsf at Rainer dot invalid> <53F243E0 dot EA1E358E at boland dot nl>
D. Boland writes:
>> I still think you should name it differently. Marco has already mixed
>> it up with Apache suexec…
>
> The idea kind of was to mix it up, so people will know what it does.
Apache suexec is concerned with running new processes as a different
user, so both the "su" and the "exec" part of the name make sense.
Your library is concerned with inserting itself into certain calls to
swap uid/gid so programs expecting a fixed mapping of some uid/gid to
certain capabilities (roughly associated with the concept of a root
user) work without the actual source getting patched on a system where
those assumptions aren't true. Looks like a different thing to me and
giving it a different name surely wouldn't hurt.
> I noticed that you and other people already declare the user switching
> technique half dead. It's a brilliant idea, you know. Because of its
> simplicity.
I did nothing of that sort. I said that the assumptions some of those
programs make aren't true on many systems and have not been for a long
time.
> It's even patented. By referring to the Apache executable
> I give the technique the glory and attention it deserves.
Attaching to unrelated projects' names for glory is a surefire way to
rile those projects up and sow confusion among users on both sides.
> So most people are thinking 'Capabilities' nowadays... Sigh. This will
> only steer admins away from finding out how user switching works and
> applying it. Instead they will just run entire server processes as
> admin-users.
Again, running applications with the least privileges needed for a given
task is a tried and valid concept. Switching uid/gid to achieve that is
an implementation detail that is not relevant to all systems. Give
SELinux a spin and then come back to me.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
DIY Stuff:
http://Synth.Stromeko.net/DIY.html