On 02/23/2017 11:29 AM, ng0 wrote:
>>
>> 1) GNS service must run as user 'gnunet', as it needs to access the
>> 'dns' service, which is UID-restricted in the strict security model; at
>> the same time, GNS service with shortening OR reverse lookup needs to
>> run as $USER as it needs access to namestore (which is per-user). Eh,
>> great, how am I supposed to setup my permissions again? So by NOT
>> having those two functions in GNS, I fix this BIG problem. (Note that
>> moving the 'publish GNS zone to DHT' into 'zonemaster' earlier, I
>> removed the remaining namestore dependency of GNS.)
> Does this mean that the previous requirement of a unix group "gnunetdns"
> is gone as well?
>
Nope, that's still there. That is why gnunet-service-gns must run as
*user* "gnunet", so it can access the user-gnunet-restricted but SGID
gnunet-service-dns, which is SGID to "gnunetdns" so that it can start
the group-gnunetgns-exec-restricted gnunet-helper-dns (which itself is
SUID).

So access-wise:

  $USER in group 'gnunet' can access GNS (GID-limited UNIX domain socket)
  GNS as user 'gnunet' can access DNS (UID-limited UNIX domain socket)
  DNS as group 'gnunetdns' can access DNS-HELPER (chmod-limited binary)
  DNS-HELPER as user 'root' can intercept and modify DNS traffic

The latter is something we need to keep out of $USER's hands, DNS
exposes the functionality, but GNS restricts it to ".gnu" and ".zkey"
TLDs, making it "sane" to have.
_______________________________________________
GNUnet-developers mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/gnunet-developers
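Added example, not part of the original message and not GNUnet's own code: a Python check of the two binaries in the access chain described above. The message gives no exact chmod values, so the bits tested are an assumption drawn from its wording; `audit` and `stat_entry` are hypothetical names and the sample entries are constructed.

```python
import stat

# Properties read off the access chain in the message (assumption: only
# these bits are implied; exact modes are not stated there).
EXPECTED = {
    # SGID to "gnunetdns" so it may start the helper.
    "gnunet-service-dns": {"group": "gnunetdns", "must_set": stat.S_ISGID},
    # SUID root, executable by group "gnunetdns" only.
    "gnunet-helper-dns": {"owner": "root", "group": "gnunetdns",
                          "must_set": stat.S_ISUID | stat.S_IXGRP},
}
# World-exec or world-write would let $USER bypass or replace a link.
FORBIDDEN = stat.S_IXOTH | stat.S_IWOTH


def audit(entries):
    """entries maps binary name -> (mode, owner, group); returns findings."""
    findings = []
    for name, want in EXPECTED.items():
        if name not in entries:
            findings.append(f"{name}: not found")
            continue
        mode, owner, group = entries[name]
        if "owner" in want and owner != want["owner"]:
            findings.append(f"{name}: owner is {owner}, expected {want['owner']}")
        if group != want["group"]:
            findings.append(f"{name}: group is {group}, expected {want['group']}")
        missing = want["must_set"] & ~mode
        if missing:
            findings.append(f"{name}: missing mode bits {oct(missing)}")
        if mode & FORBIDDEN:
            findings.append(f"{name}: open to others ({oct(mode & FORBIDDEN)})")
    return findings


def stat_entry(path):
    """Read (mode, owner, group) from a real file on a Unix system."""
    import grp, os, pwd
    st = os.stat(path)
    return (stat.S_IMODE(st.st_mode), pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name)


if __name__ == "__main__":
    # Constructed sample: the helper has lost SUID and is world-executable.
    sample = {"gnunet-service-dns": (0o2700, "gnunet", "gnunetdns"),
              "gnunet-helper-dns": (0o0755, "root", "gnunetdns")}
    print("\n".join(audit(sample)) or "chain looks intact")
```

On an installed system, build `entries` with `stat_entry()` on wherever the two binaries live; the UNIX domain socket links of the chain are not covered here.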
