Add Verification for service/config file #50
Comments
|
This is a very good point, and also the reason why the test for setuid is currently ignored. I agree with the precheck flight, I'm not very convinced on the create-if-absent flag. If the actions (like creating a directory for the logs) are possibly non destructive, I would just go ahead and do them instead of adding a new command flag... But I don't have at the top of my head any other examples of "create-if-absent" usage, if we find more then I guess we should consider adding this parameter. It will probably be more clear after implementing this precheck stage. |
|
agreed, |
|
I also wanted to add a pointer to the current verification step after the deserialization of the service, happening here. At some point I've left a TODO for possibly more verification to be done.... |
Problem:
Service uses specific user in service file. Let's say UserA.
For root this service file is ok, since root can ::setuid() to any other user easily without assistance of the user. So running user's stuff as a root should never be a problem.
However, running the service as any other user, let's say UserB, will fail to do so, with very weird error code. So, lets fix that.
Proposition:
Let's introduce precheck stage, when each loaded file will be checked against logic issues (since serde already handles syntax). In that stage we will check if specified directories/files exist, if user can setuid to specified user, if program specified is runnable and has correct permissions, etc... etc…
That also would allow us to implement --create-if-absent (of course this switch's name is placeholder for sake of example) that will create directories, for example, for logs.
The text was updated successfully, but these errors were encountered: