Re: [Linuxptp-devel] [PATCHv2 RFC 0/6] Support for dropping root privileges

2021-07-18 Thread Richard Cochran
On Tue, Jul 13, 2021 at 05:08:36PM +0200, Miroslav Lichvar wrote:
> In the v1 discussion there was a suggestion to not use libcap. I have
> not looked into that yet, but I can try it if this whole thing makes
> sense otherwise.

IIRC, after v1, I looked at avoiding libcap, but I came to the
conclusion that using libcap is the better way and that it is worth
adding the dependency.

Thanks,
Richard


___
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel


[Linuxptp-devel] [PATCHv2 RFC 0/6] Support for dropping root privileges

2021-07-13 Thread Miroslav Lichvar
v2:
- keep more capabilities (raw sockets, timestamping configuration)
- copy ownership of server UDS
- follow location of server UDS for client sockets
- support operation with NTPSHM servo
- move default UDS addresses to /var/run/linuxptp

This patchset implements support for dropping all root privileges
except four capabilities that are needed to work with clocks and (raw)
sockets. This should limit the impact of security issues.

A new option is added to ptp4l/phc2sys/pmc to specify the user to
which the process should switch.

I tried a few different approaches with the configuration. I think this
one will be least problematic for migrations and user experience. A
pmc/phc2sys running under root can still work with non-root ptp4l. There
are some cases which require the permissions of the PTP clocks to be
set up for the operation, as they cannot be opened before root is
dropped.

The default location of all UDS sockets is changed to /var/run/linuxptp.
The directory is created by ptp4l on first start. If the user
configuration of ptp4l is changed, the directory has to be removed.

In the v1 discussion there was a suggestion to not use libcap. I have
not looked into that yet, but I can try it if this whole thing makes
sense otherwise.

Miroslav Lichvar (6):
  util: Add functions for dropping root privileges.
  uds: Copy ownership of server socket.
  clock: Add support for dropping root privileges.
  pmc: Add support for dropping root privileges.
  phc2sys: Add support for dropping root privileges.
  config: move default UDS addresses to /var/run/linuxptp.

 clock.c |  29 +---
 config.c|   5 +-
 configs/default.cfg |   4 +-
 incdefs.sh  |  11 -
 makefile|   4 ++
 phc2sys.8   |  14 +-
 phc2sys.c   |  31 +++--
 pmc.8   |  15 --
 pmc.c   |  12 +++--
 pmc_common.c|  32 +
 ptp4l.8 |  14 +-
 uds.c   |   9 
 util.c  | 111 
 util.h  |  19 
 14 files changed, 283 insertions(+), 27 deletions(-)

-- 
2.26.3
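The privilege drop the series describes, as an added example that is not linuxptp's own util.c: it uses the raw capset(2) syscall instead of libcap so it builds without -lcap, and the four kept capabilities are an assumption, since the cover letter names only their purposes (raw sockets, timestamping configuration, clocks).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed set to keep (not stated in the cover letter): raw sockets,
 * interface/timestamping configuration, PTP ports below 1024, clock stepping. */
static const int keep_caps[] = { CAP_NET_RAW, CAP_NET_ADMIN,
                                 CAP_NET_BIND_SERVICE, CAP_SYS_TIME };

/* Bit mask over the 64-bit capability space; pure, so testable without root. */
uint64_t cap_mask(const int *caps, size_t n)
{
    uint64_t m = 0;
    for (size_t i = 0; i < n; i++)
        m |= (uint64_t)1 << caps[i];
    return m;
}

/* Install mask as permitted+effective and clear inheritable, both 32-bit words. */
static int set_caps(uint64_t mask)
{
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3,
                                            .pid = 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
        data[i].effective = data[i].permitted = (uint32_t)(mask >> (32 * i));
        data[i].inheritable = 0;
    }
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Switch to uid/gid keeping only keep_caps. Returns 0 or -errno. */
int drop_root(uid_t uid, gid_t gid)
{
    uint64_t keep = cap_mask(keep_caps, sizeof keep_caps / sizeof keep_caps[0]);
    /* Without this, setuid() away from root empties the permitted set too. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
        return -errno;
    /* Groups and gid first: they need CAP_SETGID, which we are about to lose. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -errno;
    /* setuid() cleared the effective set; re-raise only the kept caps, which
     * also discards CAP_SETUID/CAP_SETGID so the switch cannot be undone. */
    return set_caps(keep) < 0 ? -errno : 0;
}
```

Clocks that must be opened after the switch still need their device node permissions set up for the target user, as the cover letter notes.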


