On 2020/12/15 23:07, Jan Klemkow wrote:
> Hi,
>
> for frequent performance tests it would be nice to just start tcpbench
> as a regular service. tcpbench gets an extra user and group with this
> diff and is already pledged to "stdio". Thus, there should be no
> security risk to do this even in hostile environments.
"io" is just for client, for server it's:
$ ps -O pledge -ax|grep [t]cpb
43696 stdio,inet,unix pf I+p 0:00.00 tcpbench -s
> diff -u -p -r1.104 master.passwd
> --- etc/master.passwd 24 Apr 2020 14:57:31 -0000 1.104
> +++ etc/master.passwd 15 Dec 2020 21:25:17 -0000
> @@ -62,4 +62,5 @@ _ftp_proxy:*:109:109::0:0:ftp proxy daem
> _sndiop:*:110:110::0:0:sndio privileged user:/var/empty:/sbin/nologin
> _syspatch:*:112:112::0:0:syspatch unprivileged user:/var/empty:/sbin/nologin
> _slaacd:*:115:115::0:0:SLAAC Daemon:/var/empty:/sbin/nologin
> +_tcpbench:*:116:116::0:0:tcpbench unprivileged user:/var/empty:/sbin/nologin
> nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin
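Review bot: the added _tcpbench line takes both uid and gid 116, but this hunk only touches etc/master.passwd, so confirm that the etc/group part of the diff gives _tcpbench gid 116 as well, so the two files stay consistent. The remaining fields (password *, home /var/empty, shell /sbin/nologin) match the neighbouring unprivileged daemon accounts, which is the right shape for a non-login service account.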
no need to grow the "used system uid" space, 111 is available and was
taken for less than a day so it's unlikely anyone would even need to
merge passwd/group files. or maybe a lower one is better, I don't know
if there's a particular numbering plan for these..
> Index: etc/rc.d/tcpbench
> ===================================================================
> RCS file: etc/rc.d/tcpbench
> diff -N etc/rc.d/tcpbench
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ etc/rc.d/tcpbench 15 Dec 2020 20:30:18 -0000
> @@ -0,0 +1,12 @@
> +#!/bin/ksh
> +
> +daemon="/usr/bin/tcpbench"
> +daemon_flags="-s"
> +daemon_user=_tcpbench
> +
> +. /etc/rc.d/rc.subr
> +
> +rc_reload=NO
> +rc_bg=YES
> +
> +rc_cmd $1
>
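Review bot: daemon_flags="-s" starts tcpbench in server mode, so the "stdio" pledge given as the safety rationale is not the promise set this service runs with; the ps output in this thread shows stdio,inet,unix for tcpbench -s, and the justification should be restated against that set. The script also sets rc_bg=YES without redirecting the process's output, so whatever the server prints ends up wherever rc started it; an rc_start override that redirects output would address that.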
I am not a big fan of this to be honest. tcpbench is written more as a
test tool than a network daemon. For starters, the spew on the console
when it's active is not very nice.