* Roberto De Ioris <[email protected]> [2013-03-27 14:09]:
>> Could the new blacklist/whitelist options be used as an
>> alternative to tyrant mode? I'm thinking of running the emperor
>> with
>>
>> [uwsgi]
>> uid = uwsgi
>> gid = uwsgi
>> umask = 022
>> pidfile = /var/run/uwsgi/uwsgi.pid
>> daemonize = /var/log/uwsgi.log
>> log-date = true
>> emperor = /etc/uwsgi.d
>> cap = setgid,setuid
>>
>> and then create for each user a root-owned file
>> /etc/uwsgi.d/user-<username>.ini which only includes a user-owned
>> file:
>>
>> [uwsgi]
>> uid = <username>
>> gid = <username>
>> blacklist = uid gid
>> ini = /home/<username>/uwgsi.ini
>> end-blacklist =
>>
>> Would that be secure or am I overlooking any way for the user
>> configuration to circumvent uid/gid?
>> --
>> Guido Berhoerster
>
> a user could load a "malicious" plugin hooking itself just before
> privileges drop, so you should disallow "plugin/plugins" too.
>
> From a security point of view it is not a good approach, as we could add
> new options (or aliases) you could overlook (and that should be
> blacklisted) and so on.

OK, I guess it is a suboptimal approach, I could use a whitelist
instead but maintaining that would be tedious and difficult to get
right.

> Any reason to not want tyrant mode? I suppose managing file permissions
> of vassal's file is the problem...

Yes, I would prefer if it were more explicit.

--
Guido Berhoerster
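Added example, not part of the original thread and not uWSGI code: a small Python audit of a user-owned vassal file showing why the deny-list discussed above is weaker than an allow-list. The ALLOWED set, the sample file and the option name `future-alias-for-uid` are constructed assumptions for illustration; `future-alias-for-uid` is hypothetical and stands in for "a new option or alias added later".

```python
# Deny-list vs. allow-list audit of a user-supplied [uwsgi] section.
DENIED = {"uid", "gid", "plugin", "plugins"}           # options named in the thread
ALLOWED = {"socket", "chdir", "module", "processes"}   # assumed per-site policy

def parse_options(text):
    """Return (line number, key) pairs from the [uwsgi] section.

    Repeated keys are kept, since the same option may legitimately
    appear more than once in a uWSGI ini file.
    """
    in_section = False
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip() == "uwsgi"
            continue
        if in_section:
            found.append((lineno, line.split("=", 1)[0].strip()))
    return found

def denylist_violations(text):
    """Flag only the options somebody remembered to deny."""
    return [(n, k) for n, k in parse_options(text) if k in DENIED]

def allowlist_violations(text):
    """Flag everything that is not explicitly permitted."""
    return [(n, k) for n, k in parse_options(text) if k not in ALLOWED]

# Constructed sample of a user-owned file (paths and values are made up).
SAMPLE = """\
[uwsgi]
socket = /home/alice/app.sock
chdir = /home/alice/app
module = app:application
uid = root
plugins = /home/alice/hook
future-alias-for-uid = root
"""

if __name__ == "__main__":
    print("deny-list flags: ", denylist_violations(SAMPLE))
    print("allow-list flags:", allowlist_violations(SAMPLE))
```

The deny-list check passes the unknown option on line 7 silently, while the allow-list check rejects it by default; the cost is the maintenance burden mentioned in the reply above.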
