Problem:
Service uses specific user in service file. Let's say UserA.
For root this service file is ok, since root can ::setuid() to any other user easily without assistance of the user. So running user's stuff as a root should never be a problem.
However, running the service as any other user, let's say UserB, will fail to do so, with a very weird error code. So, let's fix that.
Proposition:
Let's introduce a precheck stage, where each loaded file will be checked for logic issues (since serde already handles syntax). In that stage we will check if the specified directories/files exist, if the user can setuid to the specified user, if the program specified is runnable and has correct permissions, etc.
That would also allow us to implement --create-if-absent (of course this switch's name is a placeholder for the sake of example) that will create directories, for example, for logs.
This is a very good point, and also the reason why the test for setuid is currently ignored.
I agree with the precheck flight, I'm not very convinced on the create-if-absent flag. If the actions (like creating a directory for the logs) are possibly non-destructive, I would just go ahead and do them instead of adding a new command flag... But I don't have off the top of my head any other examples of "create-if-absent" usage; if we find more, then I guess we should consider adding this parameter. It will probably be more clear after implementing this precheck stage.
Agreed,
one downside I can see is changing users, and which user should create the directory; either way, this is a separate issue.
I will check out how verification can be implemented, since it's the next issue after #48
I also wanted to add a pointer to the current verification step after the deserialization of the service, happening here. At some point I've left a TODO for possibly more verification to be done...
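A sketch of the precheck stage proposed in this issue, as an added example that is not the project's code: it reports an unknown user, a user switch the current uid cannot perform, a non-runnable program, and a missing log directory in one pass. The `Service` struct, `PrecheckError` enum and function names are hypothetical, and passing the effective uid and passwd text in as arguments is an assumption made to keep the check testable.

```rust
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

// Hypothetical, reduced service definition (assumption, not the project's struct).
pub struct Service { pub user: Option<String>, pub command: String, pub log_dir: Option<String> }

#[derive(Debug, PartialEq)]
pub enum PrecheckError {
    UnknownUser(String),
    CannotSwitchUser { from_uid: u32, to_uid: u32 },
    NotExecutable(String),
    MissingDirectory(String),
}

// Resolve a user name to its uid from passwd-format text (name:pw:uid:gid:...).
fn uid_of(passwd: &str, name: &str) -> Option<u32> {
    passwd.lines().find_map(|line| {
        let mut fields = line.split(':');
        if fields.next()? != name { return None; }
        fields.nth(1)?.parse().ok() // skip the password field, parse the uid
    })
}

// Report every logic problem up front instead of failing later at spawn time.
pub fn precheck(svc: &Service, euid: u32, passwd: &str) -> Vec<PrecheckError> {
    let mut errors = Vec::new();
    if let Some(user) = &svc.user {
        match uid_of(passwd, user) {
            None => errors.push(PrecheckError::UnknownUser(user.clone())),
            // Simplification: only uid 0 may switch users (CAP_SETUID is not considered).
            Some(uid) if euid != 0 && uid != euid =>
                errors.push(PrecheckError::CannotSwitchUser { from_uid: euid, to_uid: uid }),
            Some(_) => {}
        }
    }
    // Regular file with at least one execute bit; does not prove the target user may run it.
    let runnable = fs::metadata(&svc.command)
        .map(|m| m.is_file() && (m.permissions().mode() & 0o111) != 0)
        .unwrap_or(false);
    if !runnable { errors.push(PrecheckError::NotExecutable(svc.command.clone())); }
    if let Some(dir) = &svc.log_dir {
        if !Path::new(dir).is_dir() { errors.push(PrecheckError::MissingDirectory(dir.clone())); }
    }
    errors
}

fn main() {
    // Constructed passwd sample; a real caller would read /etc/passwd and its own euid.
    let passwd = "root:x:0:0::/root:/bin/sh\nusera:x:1001:1001::/home/usera:/bin/sh\n";
    let svc = Service { user: Some("usera".into()), command: "/bin/sh".into(), log_dir: None };
    println!("as uid 1002: {:?}", precheck(&svc, 1002, passwd));
}
```

Returning the full list rather than stopping at the first failure lets the loader print every problem with a service file at once, before any process is spawned.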