[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] GNS changes

From: Christian Grothoff
Subject: Re: [GNUnet-developers] GNS changes
Date: Thu, 23 Feb 2017 12:26:07 +0100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Icedove/45.6.0

On 02/23/2017 11:29 AM, ng0 wrote:
>> 1) GNS service must run as user 'gnunet', as it needs to access the
>> 'dns' service, which is UID-restricted in the strict security model; at
>> the same time, GNS service with shortening OR reverse lookup needs to
>> run as $USER as it needs access to namestore (which is per-user). Eh,
>> great, how am I supposed to setup my permissions again?  So by NOT
>> having those two functions in GNS, I fix this BIG problem.  (Note that
>> moving the 'publish GNS zone to DHT' into 'zonemaster' earlier, I
>> removed the remaining namestore dependency of GNS.)
> Does this mean that the previous requirement of a unix group "gnunetdns"
> is gone as well?

Nope, that's still there. That is why gnunet-service-gns must run as
*user* "gnunet", so it can access the user-gnunet-restricted but SGID
gnunet-service-dns, which is SGID to "gnunetdns" so that it can start
the group-gnunetgns-exec-restricted gnunet-helper-dns (which itself is

So access-wise:

$USER in group 'gnunet' can access GNS (GID-limited UNIX domain socket)
GNS as user 'gnunet' can access DNS (UID-limited UNIX domain socket)
DNS as group 'gnunetdns' can access DNS-HELPER (chmod-limited binary)
DNS-HELPER as user 'root' can intercept and modify DNS traffic

The latter is something we need to keep out of $USER's hands, DNS
exposes the functionality, but GNS restricts it to ".gnu" and ".zkey"
TLDs, making it "sane" to have.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]