Re: Providing an alternative to setuid in GuixSD

From: sbaugh
Subject: Re: Providing an alternative to setuid in GuixSD
Date: Wed, 26 Oct 2016 14:34:49 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Christopher Allan Webber <address@hidden> writes:
> So, you're running psudo, and this thing maybe accepts connections over
> something more secure, *maybe* unix domain sockets... so restrict group
> access to the socket to users in the "psudo" group.
>
> From there, maybe it could require PAM authentication while entering the
> root password, or something.
>
> It feels hard to know how psudo could "know" what user is accessing the
> socket... I don't think that information is made available, right?
> Maybe I'm wrong! I guess postgres and etc do similar things?
On Linux, there is SCM_CREDENTIALS (and similar stuff on BSDs). From
Linux unix(7):

    SCM_CREDENTIALS
        Send or receive UNIX credentials. This can be used for authentication.
        The credentials are passed as a struct ucred ancillary message. This
        structure is defined in <sys/socket.h> as follows:

            struct ucred {
                pid_t pid; /* process ID of the sending process */
                uid_t uid; /* user ID of the sending process */
                gid_t gid; /* group ID of the sending process */
            };

Moreover there is the Polkit (née PolicyKit) framework for this kind of
stuff, which could provide a more high-level interface if we chose to
use it. (GNOME uses it as does systemd)

(Note that there is already pkexec (bundled with Polkit) which provides
a sudo replacement with authentication and policy through Polkit. But
it's setuid for some reason. I haven't investigated why...)
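Added example (not part of the thread, and not code from Guix or the
hypothetical "psudo" daemon): a minimal Linux demonstration of the
SCM_CREDENTIALS mechanism quoted above. A socketpair stands in for the
client/server unix-domain connection; the "server" side enables
SO_PASSCRED so the kernel attaches the sender's pid/uid/gid to each
message, and the receiver pulls the struct ucred out of the ancillary
data. It also reads SO_PEERCRED, the connection-time credentials of the
peer, as a cross-check. Function names are my own. The point for the
defender: the identity comes from the kernel, not from anything the
client writes into the message, so a daemon can make an authorization
decision on uid/gid without trusting the client.

```c
#define _GNU_SOURCE          /* struct ucred, SO_PASSCRED, SCM_CREDENTIALS (Linux) */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Receive one byte plus the sender's SCM_CREDENTIALS from a SOCK_STREAM
 * unix socket 'fd' on which SO_PASSCRED has been enabled.
 * Returns 0 on success and fills *out; -1 if no credentials arrived
 * (a daemon should treat that as "unauthenticated", never as root). */
static int recv_with_creds(int fd, struct ucred *out)
{
    char data;
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    union {                       /* correctly aligned control buffer */
        char buf[CMSG_SPACE(sizeof(struct ucred))];
        struct cmsghdr align;
    } ctl;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf;
    msg.msg_controllen = sizeof ctl.buf;

    if (recvmsg(fd, &msg, 0) != 1)
        return -1;

    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS
            && c->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
            memcpy(out, CMSG_DATA(c), sizeof *out);
            return 0;
        }
    }
    return -1;
}

/* Hypothetical helper: build a socketpair standing in for a client/server
 * connection, send one byte from the "client" end, and read the
 * kernel-supplied credentials on the "server" end via SCM_CREDENTIALS
 * (*scm) and via SO_PEERCRED (*peer). Returns 0 on success, -1 on error. */
int demo_peer_credentials(struct ucred *scm, struct ucred *peer)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    int server = sv[0], client = sv[1];
    int one = 1, rc = -1;

    /* Ask the kernel to attach the sender's credentials to every message. */
    if (setsockopt(server, SOL_SOCKET, SO_PASSCRED, &one, sizeof one) < 0)
        goto out;
    /* The client sends a plain byte and says nothing about who it is. */
    if (write(client, "x", 1) != 1)
        goto out;
    if (recv_with_creds(server, scm) < 0)
        goto out;
    socklen_t len = sizeof *peer;
    if (getsockopt(server, SOL_SOCKET, SO_PEERCRED, peer, &len) < 0)
        goto out;
    rc = 0;
out:
    close(server);
    close(client);
    return rc;
}

/* Returns 1 when both credential sources name this very process
 * (which is the sender in the socketpair demo), 0 otherwise. */
int demo_creds_match_self(void)
{
    struct ucred scm, peer;
    if (demo_peer_credentials(&scm, &peer) != 0)
        return 0;
    return scm.uid == getuid() && scm.gid == getgid() && scm.pid == getpid()
        && peer.uid == getuid() && peer.gid == getgid() && peer.pid == getpid();
}

int main(void)
{
    struct ucred scm, peer;
    if (demo_peer_credentials(&scm, &peer) != 0) {
        perror("demo_peer_credentials");
        return 1;
    }
    printf("SCM_CREDENTIALS: pid=%ld uid=%ld gid=%ld\n",
           (long)scm.pid, (long)scm.uid, (long)scm.gid);
    printf("SO_PEERCRED:     pid=%ld uid=%ld gid=%ld\n",
           (long)peer.pid, (long)peer.uid, (long)peer.gid);
    return 0;
}
```

Two caveats worth knowing before building a sudo-like daemon on this:
SO_PEERCRED reflects the peer's credentials at connect() time, while
SCM_CREDENTIALS reflects the sender at the time of each write, so a
long-lived daemon should look at the latter for per-request decisions;
and a uid is only as trustworthy as the kernel's namespace view of it,
so credentials received across a user namespace boundary map to the
overflow uid rather than the client's claimed one.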