Why setuid? Why not just do the non-privileged part, then fire a dbus event to some root service to do the privileged part of adding network config (and use PolicyKit to validate the request)?
Or a root daemon that does the privileged part of network configuration.

So in summary: an unprivileged user tool that does every possible thing (except network configuration); it then fires a dbus event or a request to a privileged daemon: "please configure network on this please".

On Fri, May 6, 2016 at 11:59 AM, Karanbir Singh <mail-li...@karan.org> wrote:
> On 06/05/16 00:52, Daniel J Walsh wrote:
> >
> >
> > On 05/05/2016 02:10 PM, Josh Berkus wrote:
> >>> Currently it is not part of a product and has not had a rigorous
> >>> review from a security team. However, I believe our approach
> >>> is good, and if anyone wants a peer-reviewed setuid binary
> >>> for container features, it's worth considering bubblewrap!
> >> So I want to have a "Pop the Bubblewrap" contest which we discussed
> >> somewhere else. That is, let's put out a contest for users to try to
> >> break through bubblewrap and report the technical issues. We'll have
> >> some prizes.
> >>
> >> I'm happy to run the contest, and RH PR would help publicize it, but I'd
> >> need someone to manage it from the technical side.
> >>
> > I like the idea. We have a security review going on right now with the
> > Security Response team. Perhaps we should see where they are with the
> > review before we put out the challenge.
> >
> >
>
> happy to help promote this from the CentOS side of things as well
>
> regards,
>
> --
> Karanbir Singh
> +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
> GnuPG Key : http://www.karan.org/publickey.asc