On Fri, Jun 30, 2006 at 02:39:01PM -0400, Justin Pryzby wrote:
On Fri, Jun 30, 2006 at 03:16:27PM +1000, Peter Moulder wrote:
As root (assuming running with set -e):
d=`mktemp -d`
install -d -m 700 -o nobody "$d/writable"
(cd "$d/writable" && su nobody -c 'wget ...')
User `nobody' can write into this `writable' directory, but only for a
process that has already cd'd into it as root before becoming nobody:
the $d directory is executable only by root.
I think it is intended that nobody never owns any files.
I believe that the reason for this is so that no `nobody'-owned process
can read/write non-world-accessible files other than its own. The above
approach does achieve this result even though it does literally create a
file as `nobody': no other non-root process can access the file.
So the right way to do it probably involves dynamically creating a user
I believe that many things would benefit at least slightly in security
from such a facility: even things that don't need to read/write files
would still be less exposed to denial of service by being killed by
other nobody-owned processes.
However, in the short term, I suggest using the only-root-readable
directory approach: it already gets us most of the way there, avoiding
giving the wget executable privileges of an important user like
root (or sys or operator).
pjrm.
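An added example, not code from Peter's or Justin's messages: the same root-only-traversable layout done in Python (the `user=`/`group=` parameters of `subprocess.run` from Python 3.9+ are assumed, and they perform the chdir before the uid switch just as the shell snippet does), followed by a small model of the Unix path-lookup rule so the isolation argument can be checked without root. `NOBODY`, `USER`, `D_DIR` and `W_DIR` are constructed values for the model, not anything from the post.

```python
"""Run a command as `nobody` inside a directory that only root can reach.

Added example, not from the mailing-list thread. Root creates a 0700 temp
dir `d` holding a `writable` subdir owned by nobody, chdirs into it, then
drops privileges; a process already inside `writable` can create files
there, but no other nobody-owned process can look the path up through `d`.
"""
import os
import pwd
import shutil
import subprocess
import tempfile


def make_private_layout(owner="nobody"):
    """Create d (0700, owned by the caller, i.e. root) and d/writable
    (0700, owned by `owner`). Needs root because of the chown."""
    pw = pwd.getpwnam(owner)
    d = tempfile.mkdtemp()                 # mkdtemp always uses mode 0700
    writable = os.path.join(d, "writable")
    os.mkdir(writable, 0o700)
    os.chown(writable, pw.pw_uid, pw.pw_gid)
    return d, writable, pw


def run_in_private_dir(argv, owner="nobody"):
    """Equivalent of `(cd "$d/writable" && su nobody -c '...')`.

    subprocess (Python 3.9+) does chdir(cwd) in the child *before* it
    switches to `user`/`group`, so the child starts inside `writable` even
    though, as nobody, it could never have traversed `d` itself.
    """
    if os.geteuid() != 0:
        raise PermissionError("needs root to chown and to switch user")
    d, writable, pw = make_private_layout(owner)
    try:
        proc = subprocess.run(argv, cwd=writable, user=pw.pw_uid,
                              group=pw.pw_gid, extra_groups=[], check=False)
        return proc.returncode
    finally:
        shutil.rmtree(d)                   # still root here, so cleanup works


# --- model of the permission rule the trick relies on ----------------------

ROOT, NOBODY, USER = 0, 65534, 1000        # constructed uids/gids for the model
D_DIR = (ROOT, ROOT, 0o700)                # (owner uid, group gid, mode) of d
W_DIR = (NOBODY, NOBODY, 0o700)            # same for d/writable


def _bits_for(entry, uid, gids):
    owner, group, mode = entry
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7


def can_create_file(chain, uid, gids=()):
    """Can `uid` create a file in the last directory of `chain`?

    `chain` lists the directories a path lookup has to traverse, top down.
    Each needs the search (x) bit for the caller and the last one also needs
    the write (w) bit; root bypasses these DAC checks. A process whose cwd is
    already the last directory traverses only that one, which is why the
    root-only parent stops every *other* nobody process but not this one.
    """
    if uid == ROOT:
        return True
    for i, entry in enumerate(chain):
        bits = _bits_for(entry, uid, gids)
        if not bits & 1:                    # no search permission
            return False
        if i == len(chain) - 1 and not bits & 2:
            return False                    # no write permission
    return True


if __name__ == "__main__":
    print(can_create_file([D_DIR, W_DIR], NOBODY, {NOBODY}))   # False: stopped at d
    print(can_create_file([W_DIR], NOBODY, {NOBODY}))          # True: cwd already inside
    print(can_create_file([W_DIR], USER, {USER}))              # False: not the owner
    if os.geteuid() == 0:
        print(run_in_private_dir(["sh", "-c", "id -un && touch out && ls -l out"]))
```

The real work is done by `run_in_private_dir`; the model only makes explicit what the kernel checks on each lookup, so the two cases Peter contrasts (an absolute path through `d` versus a relative path from a cwd that is already `writable`) can be compared side by side.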