[bind10-dev] Possible suid root on b10-sockcreator

Michal 'vorner' Vaner michal.vaner at nic.cz
Tue Dec 20 08:46:17 UTC 2011


Hello

On Mon, Dec 19, 2011 at 11:10:40AM -0800, JINMEI Tatuya / 神明達哉 wrote:
> >   - No need to become completely root to start it.
> >   - Consistent with the fact we don't support daemon mode directly either, eg it
> >     is handled by external tools. If user wants it to run as a different user,
> >     he would use su.
> 
> I really didn't understand the first two.

I mean this. Now, if I want to start bind10 with a privileged port, but as the
user I currently am, I need to do:
vorner at hydra ~/bind10 $ su
password:
hydra /home/vorner/bind10 # ./sbin/bind10 -u vorner

So, there are two things ‒ I need to switch to root and then tell the software
to switch back. With setuid, I'd simply write:
vorner at hydra ~/bind10 $ ./sbin/bind10


The other is, we don't have any --daemon or --no-daemon flags. If we want to run
as a daemon, we do something like:
nohup ./sbin/bind10 >/dev/null 2>&1 &

Simply, bind10 runs DNS, it's not its goal to daemonize, there are tools for
that. The same goes, at least in theory, with switching users, so it'd be
consistent with the philosophy.

> The third one seems to be a
> real benefit if we could really eliminate the option for the user to
> change run time users.  I'm not sure if it's the case though.  I see
> the advantage of the fourth one, too; however my general understanding
> was that if socketcreator ever crashed we'd rather stop the entire
> system.  At least I'd hold off to see how often/common the crash could
> happen before jumping to the setuid+restart approach for this reason.

We want to stop everything because without setuid we simply have no other
option.

> not yet convinced that the fourth one is really a good idea, I'd hold
> off until we see stronger need for this approach.

Hmm, you're probably right we have enough to do anyway. I'm just producing too
many ideas O:-).

Thanks

With regards

-- 
I still miss Windows, but my aim is getting better.

Michal 'vorner' Vaner
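
The pattern discussed in this message, sketched as an added example (not code from the message or from BIND 10): a helper that holds root only long enough to bind the privileged port, then permanently returns to the invoking user and checks that root cannot be regained. It assumes a setuid-root binary on a POSIX system, where the supplementary groups are already the invoking user's; the function names are hypothetical.

```c
/* Added illustration only; not b10-sockcreator source. Function names are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on the wildcard address while privileges are still held.
 * Ports below 1024 need euid 0 (setuid-root bit or a root shell). */
int bind_udp_any(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently return to the invoking (real) user; 0 on success, -1 otherwise.
 * The group goes first: it can only be fully reset while euid is still 0. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* root must not be recoverable */
        return -1;
    return 0;
}

int main(void)
{
    int fd = bind_udp_any(53);         /* the only privileged step */
    if (drop_to_real_user() != 0)
        return 2;                      /* refuse to run with unknown privileges */
    printf("fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return fd < 0;
}
```

Run without the setuid bit and as a normal user, the bind on port 53 fails and the drop is a no-op; when root is entered through su instead, the supplementary groups are root's and would also need resetting.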