Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: rc.news: checking whether we run as the news user
(Russ Allbery)
----------------------------------------------------------------------
Message: 1
Date: Sat, 18 Oct 2014 20:39:42 -0700
From: Russ Allbery <[email protected]>
To: [email protected]
Subject: Re: rc.news: checking whether we run as the news user
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8
Julien ÉLIE <[email protected]> writes:
> In the rc.news man page, there is a BUGS section that mentions:
> "Running rc.news start as root is never the right thing to do,
> so we should at minimum check for this and error, or perhaps
> change effective user ID."
> I suggest checking whether rc.news is run as another user ID than the
> "news" user (in all cases, be it start or stop). If it is the case, we
> exit with the error:
> rc.news should be run as the "news" user
> where "news" is in fact the value of the runasuser keyword in inn.conf
> (the real news user). I don't think we should change effective user ID
> (if root). It might hide another issue.
I don't think I ever said this explicitly here, but I think it would be fine to
change users. However, that's rather hard to do safely. I suppose we
could re-exec ourselves with su to news, but I'd worry that there would be
some way of tricking that into running the wrong script.
So, as a fallback, I think detecting this and aborting would be fine.
However, another nice alternative would be to be sure that every program
run from rc.news knows how to switch users to the news user on demand. In
general, that wouldn't be too hard; innd already handles that case,
expirerm easily could, and so could cnfsstat. And rc.news could be sure
to chown the active file if it recovers one. The hard part is innwatch,
which is a giant shell script and can't easily change users. It's not
clear there's anything horribly wrong with running innwatch as root, but
it's also a giant shell script and I'm not positive it's completely safe
to run that way.
There's also any programs people added to rc.news.local, but I suspect
that's not widely used.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
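The fallback both messages settle on, comparing the invoking user with the runasuser value from inn.conf and aborting rather than switching users, written out as an added portable-sh example. This is not code from INN's rc.news; the function names, the constructed inn.conf excerpt and the temporary file are assumptions made for the illustration, and the "news" default used when the keyword is missing is INN's documented default for runasuser.

```shell
#!/bin/sh
# Added example (not INN's own rc.news code): the "abort unless we are the
# configured news user" check proposed in the thread, as portable sh
# functions that an rc.news-style script could call before doing anything.
# Assumptions: inn.conf uses INN's "key: value" line format (values may be
# double-quoted), the keyword is "runasuser", and the file path is passed in.

# Print the runasuser value from the given inn.conf. Strips surrounding
# double quotes and trailing blanks; falls back to "news" (INN's default)
# when the keyword is absent.
news_user_from_innconf() {
    conf="$1"
    user=$(sed -n 's/^[[:space:]]*runasuser[[:space:]]*:[[:space:]]*//p' "$conf" \
           | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' | head -n 1)
    if [ -z "$user" ]; then
        user=news
    fi
    printf '%s\n' "$user"
}

# Compare the invoking user ($2, default: output of `id -un`) with the
# configured news user. Returns 0 on a match; otherwise prints the error
# message the thread proposes and returns 1. It deliberately never su's or
# re-execs: the caller is expected to abort, which avoids the "tricked into
# running the wrong script" concern raised above.
check_news_user() {
    conf="$1"
    current="${2:-$(id -un)}"
    wanted=$(news_user_from_innconf "$conf")
    if [ "$current" != "$wanted" ]; then
        echo "rc.news should be run as the \"$wanted\" user" >&2
        return 1
    fi
    return 0
}

# Constructed sample inn.conf excerpt for the demonstration (hypothetical
# site, not a real configuration); removed again on exit.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed inn.conf excerpt
organization:  "Example Site"
runasuser:     news
runasgroup:    news
EOF

# Stand-alone run: report whether whoever invoked this script is the
# configured news user. An rc.news-style script would instead `exit 1`
# on failure before touching the active file or starting innd.
if check_news_user "$SAMPLE_CONF"; then
    echo "ok: running as $(news_user_from_innconf "$SAMPLE_CONF")"
fi
```

The check is done against the real user name rather than the effective one, so a script started via sudo or su with the wrong target user is rejected just like a plain root invocation; programs that later need to drop privileges themselves (innd, as mentioned above) are unaffected because the script exits before launching them.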
------------------------------
End of inn-workers Digest, Vol 65, Issue 4
******************************************