BIND 10 #180: b10 start auth server drop privs asap

BIND 10 Development do-not-reply at isc.org
Tue Jun 29 13:52:11 UTC 2010


#180: b10 start auth server drop privs asap
--------------------------+-------------------------------------------------
 Reporter:  shane         |        Owner:  shane                                         
     Type:  enhancement   |       Status:  reviewing                                     
 Priority:  major         |    Milestone:  05. 3rd Incremental Release: Serious Secondary
Component:  Boss of BIND  |   Resolution:                                                
 Keywords:                |    Sensitive:  0                                             
--------------------------+-------------------------------------------------
Changes (by jelte):

  * owner:  jelte => shane


Comment:

 bind10.py.in:

 I personally think 'if foo not in bar' and 'if foo is not None' reads
 better than 'if not foo in bar' and 'if not foo is None'. We don't really
 have a style thingy about this, and both versions appear in the code. It's
 also quite minor :)

 _setuid(self) has two write statements that don't prefix with the module.
 I suspect at least one of them is debug leftover, and shouldn't need to be
 there at all (perhaps even both of them).

 So the initial few 'downsetuidable' processes get the given uid as an
 argument, but after that you set the uid of bob himself, and then simply
 don't pass it along anymore. I don't think this is a very good approach,
 it's inconsistent at the very least, but it also gives us a problem
 (restart of auth will fail if it uses privileged port, and keep on failing
 after that). The 'full' way would be to not setuid of bob himself, only
 for subprocesses (either way, this should all change when we have our holy
 socket creator).

 Don't know if it's out of scope, but the process starting code contains
 nothing but replication, so a refactor would be nice ;)

 Please document the return values of restart_processes (0, not-0 and
 None?) (more generally, I think we can do a better job of documenting
 arguments and return values in our Python code).

 If you give an existing user, but don't start as root, the error message
 is a bit confusing (simply says 'operation not permitted', not what
 operation that is).


 bind10_test.in:

 Do we still use the (generated) test scripts? (we have make check for that
 now, right?)


 args_test.py:

 You mention this in your own comment, but "shane" does not exist on my
 system so this test fails... I don't think 'nobody' will work. Perhaps
 take the username of the user that runs configure?

 Should this one also test other arguments while we're at it?

-- 
Ticket URL: <http://bind10.isc.org/ticket/180#comment:7>
BIND 10 Development <http://bind10.isc.org>
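
The design the review argues for (the supervisor keeps its privileges and hands the target user to every child on every start and restart, and each child binds its privileged port before dropping) can be sketched as follows. This is an added example, not code from bind10.py.in or the ticket's branch; the `--user` flag, the `auth-server` name and all function names are hypothetical.

```python
import os
import pwd
import socket


def resolve_user(username):
    """Look up uid/gid; name the user in the error if it does not exist."""
    try:
        entry = pwd.getpwnam(username)
    except KeyError:
        raise ValueError("cannot drop privileges: no such user %r" % username) from None
    return entry.pw_uid, entry.pw_gid


def check_can_switch(target_uid, euid):
    """Refuse early, with a message that says which operation is not permitted."""
    if euid != 0 and target_uid != euid:
        raise PermissionError(
            "cannot setuid to uid %d: running as uid %d, not root" % (target_uid, euid))


def child_argv(base_argv, username):
    """Supervisor side: the same argv is built for the first start and for every
    restart, so a restarted child can still bind its port and then drop.
    The --user flag is a hypothetical name for 'pass the uid along'."""
    if username is None:
        return list(base_argv)
    return list(base_argv) + ["--user", username]


def bind_then_drop(address, port, username):
    """Child side: take the privileged port first, then give up root for good."""
    uid, gid = resolve_user(username)
    check_can_switch(uid, os.geteuid())
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((address, port))      # ports below 1024 need root here
        if uid != os.geteuid():
            os.setgroups([])            # clear supplementary groups while still root
            os.setgid(gid)              # group before user: after setuid this would fail
            os.setuid(uid)              # irreversible: real, effective and saved uid change
    except OSError:
        sock.close()
        raise
    return sock
```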