Hi,

On 07/31/2014 11:42, intrig...@debian.org wrote:
> the attached unit file has NoNewPrivileges set to "yes", which,
> according to systemd.exec(5), "prohibits UID changes of any kind".
>
> However, the tor daemon it starts successfully manages to change its
> UID to debian-tor, as configured with "User debian-tor" in
> /usr/share/tor/tor-service-defaults-torrc:
[...]
> Did I misunderstand the documentation, or is the doc wrong, or is
> there a bug somewhere?

It works as intended, but the documentation might be a bit misleading.

NoNewPrivileges only affects the exec syscall which will no longer grant
any new privileges, including no longer switching uid for suid binaries.
It does *not* take away the CAP_SETUID or any other capabilities the
process already has.

See also man:prctl(2) and Documentation/prctl/no_new_privs.txt in the
Linux kernel documentation.

Ansgar
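
The behaviour described in the reply above can be checked with a small C program. This is an added example, not part of the original message or of systemd or tor: it sets no_new_privs the way NoNewPrivileges=yes does, then calls setresgid()/setresuid() directly. The target ID 65534 ("nobody") is an assumption standing in for debian-tor.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define TARGET_ID 65534 /* assumption: "nobody", stands in for debian-tor */

enum { UID_REFUSED = 0, UID_CHANGED = 1, NNP_NOT_SET = 2, NNP_CLEARED = 3 };

/* Runs in a forked child so the caller's credentials stay untouched. */
static int child_probe(void)
{
    /* What NoNewPrivileges=yes arranges before the service is exec'd. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)
        return NNP_NOT_SET;
    /* The flag is one-way: the kernel rejects an attempt to clear it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0)
        return NNP_CLEARED;
    /* Not an execve(): only CAP_SETGID/CAP_SETUID decide the outcome. */
    if (setresgid(TARGET_ID, TARGET_ID, TARGET_ID) != 0 ||
        setresuid(TARGET_ID, TARGET_ID, TARGET_ID) != 0)
        return UID_REFUSED;
    return getuid() == TARGET_ID ? UID_CHANGED : UID_REFUSED;
}

/* Returns one of the enum values above, or -1 if fork/wait failed. */
int probe_no_new_privs(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_probe());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = probe_no_new_privs();
    printf("no_new_privs set; uid change %s\n",
           r == UID_CHANGED ? "succeeded" :
           r == UID_REFUSED ? "refused" : "not tested");
    return r < 0;
}
```

Run as root with CAP_SETUID and CAP_SETGID, the UID change succeeds even though no_new_privs is set; run unprivileged, it is refused because the capability is missing, not because of the flag.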