Discussion:
daemontools-encore version 1.03 released
Bruce Guenter
2010-11-09 22:21:01 UTC
Hi.

I've just put daemontools-encore version 1.03 up at

http://untroubled.org/daemontools-encore/

This release adds a -s option to setuidgid to set the supplemental GIDs
(thanks to SATOH Fumiyasu), and fixes a couple of warnings and potential
compile errors.

(sorry for the duplicate message, the subject was wrong on the first)

-----

daemontools-encore is a collection of tools for managing UNIX services.
It is derived from the public-domain release of daemontools
(http://cr.yp.to/daemontools.html) by D. J. Bernstein.

daemontools-encore adds numerous enhancements above what daemontools
could do while maintaining backwards compatibility with daemontools.
See the CHANGES file for more details on what features have been added.
--
Bruce Guenter <***@untroubled.org> http://untroubled.org/
Peter Wolfenden
2010-11-11 13:44:07 UTC
This reminds me of a patched version of setuidgid that I proposed back
in 2004 to "inherit" all the auxiliary groups of a given user:

http://www.wolfendens.com/code/as_user.c

I can see advantages to both this approach and one where the GIDs are
specified explicitly - although from a security perspective the latter
may be preferable, I find the former simpler to manage - of course I'm
biased!

I was feeling proud of myself for using a similar system to enforce
"least privilege" when I happened upon a 2007 paper by Dan Bernstein
called "Some thoughts on security after ten years of qmail 1.0", in
which he wrote:

    I have become convinced that this “principle of least privilege” is
    fundamentally wrong. Minimizing privilege might reduce the damage
    done by some security holes but almost never fixes the holes.
    Minimizing privilege is not the same as minimizing the amount of
    trusted code, does not have the same benefits as minimizing the
    amount of trusted code, and does not move us any closer to a secure
    computer system.

Ouch.

Of course, we all know there *are* benefits to minimizing privilege,
and that's one of the reasons some of us are moved to use (and patch)
daemontools. But I take Dan's point to be that we must never forget
that there's only so much you can do at the sysadmin level to contain
the risks posed by vulnerable code.

Cheers,

Peter
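The two ways of choosing supplementary groups discussed in this thread (inheriting the account's groups versus passing an explicit list), as an added C example; it is not code from daemontools-encore or from as_user.c. The function names, the 64-entry buffer and the exit codes are assumptions, and the calls use the Linux/glibc signatures of getgrouplist() and setgroups().

```c
#define _GNU_SOURCE            /* exposes setgroups() and getgrouplist() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* "Inherit" approach: every group the group database lists for `user`,
 * plus the primary gid. Returns the count, or -1 if `max` is too small. */
int inherited_groups(const char *user, gid_t primary, gid_t *out, int max)
{
    int n = max;
    return getgrouplist(user, primary, out, &n) == -1 ? -1 : n;
}

/* Drop to uid/gid with exactly the supplementary groups passed in.
 * setgroups() and setgid() need privilege, so they must run before
 * setuid(); every return value is checked. Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid, const gid_t *groups, size_t ngroups)
{
    if (setgroups(ngroups, groups) == -1) return -1;
    if (setgid(gid) == -1) return -1;
    if (setuid(uid) == -1) return -1;
    /* Confirm the drop took effect and cannot be reversed. */
    if (uid != 0 && setuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    gid_t groups[64];          /* assumed upper bound for this example */
    struct passwd *pw;
    int n;
    if (argc < 3 || (pw = getpwnam(argv[1])) == NULL) {
        fprintf(stderr, "usage: %s account child [args...]\n", argv[0]);
        return 100;
    }
    n = inherited_groups(pw->pw_name, pw->pw_gid, groups, 64);
    /* Explicit approach instead: groups[0] = pw->pw_gid; n = 1; */
    if (n < 0 || drop_privileges(pw->pw_uid, pw->pw_gid, groups, (size_t)n) == -1) {
        fprintf(stderr, "cannot drop privileges\n");
        return 111;
    }
    execvp(argv[2], argv + 2);
    perror("execvp");
    return 111;
}
```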