MOO-cows Mailing List Archive


Re: Fun with FUP and root.



> Is "nobody" really correct?  

	No, setuid nobody is a bit paranoid, but it is the only 
	unprivileged username that is likely to be found on a UN*X 
	system (of course, you can't guarantee that...)

> Can that user write the checkpoints?

	Well, sure, if you have the directory permissions set properly. 

	But that IS a good point. If a server running as root does an 
	invisible setuid, there's a pretty good chance it will lose the 
	ability to write to its working directory. (This problem is not 
	specific to nobody, just a lot more likely.) A server that can't 
	(seem to) write checkpoints out of the box is definitely a Bad 
	Thing.

	One might argue that the server should fail to start if it 
	cannot write a checkpoint (I haven't looked at this code 
	since 1.7.x, and I can't remember if it does).

	On the other hand, it might be better to take Paul Snow's 
	approach, and handle the uid swap someplace external to the 
	server. But then you get back to the problem of binding a 
	port below 1024.

	Having the server silently setuid (or even noisily) suddenly 
	seems a bit heavy-handed to me...on the other hand, I DO 
	think it would be a good idea to provide a way to bind a lower 
	port easily, yet continue running as a specific (non-root) 
	user.

	Hmm, maybe if the user to run as could be set through a 
	command line option, or an environment variable.

	Unfortunately there's no clear path on what should be done.

(probably more than my allotted $0.02 (in any currency))

--
Erik R. Ogan                                        Mail with Subject:
Webmaster/Applications Programmer                    "send public key"
GALT Technologies / Intuit, Inc.             Returns my PGP public key
           4E C8 9E AC 2E 79 1E 26  62 4E 40 AA A9 52 98 21
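The start-up sequence the post argues about, bind a port below 1024 while still root, switch to a specific non-root user chosen on the command line or through an environment variable, then prove the server can still write checkpoints in its working directory before it accepts connections, written out as an added C example. This is not code from the MOO server or from the poster; the `--user` option, the `MOO_USER` variable, port 7777 and the probe file name are assumptions made for illustration.

```c
/* Added example, not from the original post or the MOO server.
 * The option "--user", the variable MOO_USER and port 7777 are assumed
 * names chosen for illustration. */
#define _GNU_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Pick the run-as user: "--user NAME" on the command line wins, then the
 * MOO_USER environment variable, else NULL (keep the current identity). */
const char *run_as_user(int argc, char **argv)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "--user") == 0)
            return argv[i + 1];
    return getenv("MOO_USER");
}

/* Resolve a user name to uid/gid; -1 if the account does not exist
 * (nothing guarantees that "nobody" exists on a given system). */
int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Bind a TCP listener; for a port below 1024 this must run before the
 * privilege drop.  Returns the listening fd or -1. */
int bind_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently drop to uid/gid.  Groups and gid go first: once the uid is
 * no longer 0 they can no longer be changed.  Then verify the drop stuck:
 * if the target was not root and setuid(0) still succeeds, report failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;                      /* could regain root: not dropped */
    return 0;
}

/* Prove the checkpoint directory is writable as the *new* identity by
 * actually creating a file there.  access(W_OK) is not enough: it checks
 * the real uid and always answers yes for root. */
int checkpoint_dir_writable(const char *dir)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/.checkpoint-probe-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    close(fd);
    unlink(path);
    return 1;
}

int main(int argc, char **argv)
{
    const char *name = run_as_user(argc, argv);
    int fd = bind_listener(7777);           /* bind first, while still root */
    if (fd < 0) { perror("bind"); return 1; }
    if (name != NULL) {
        uid_t uid; gid_t gid;
        if (lookup_user(name, &uid, &gid) < 0 || drop_privileges(uid, gid) < 0) {
            fprintf(stderr, "cannot run as %s\n", name);
            return 1;
        }
    }
    if (!checkpoint_dir_writable(".")) {    /* refuse to run rather than lose checkpoints */
        fprintf(stderr, "checkpoint directory not writable as uid %d\n", (int)geteuid());
        return 1;
    }
    printf("listening on fd %d as uid %d\n", fd, (int)geteuid());
    close(fd);
    return 0;
}
```

Two details carry the security point. The write probe runs after the drop, so it answers the question the post raises: a server that was started as root and then silently became `nobody` will fail here, loudly, instead of discovering at the first checkpoint that it cannot save. And `drop_privileges` does not trust `setuid()` returning 0; it tries to become root again and treats success as an error, which catches the case where only the effective uid was changed and the saved uid still allows escalation.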
