> * Roberto De Ioris <[email protected]> [2013-03-27 14:09]:
>>
>>>
>>> Could the new blacklist/whitelist options be used as an
>>> alternative to tyrant mode? I'm thinking of running the emperor
>>> with
>>>
>>> [uwsgi]
>>> uid = uwsgi
>>> gid = uwsgi
>>> umask = 022
>>> pidfile = /var/run/uwsgi/uwsgi.pid
>>> daemonize = /var/log/uwsgi.log
>>> log-date = true
>>> emperor = /etc/uwsgi.d
>>> cap = setgid,setuid
>>>
>>> and then create for each user a root-owned file
>>> /etc/uwsgi.d/user-<username>.ini which only includes a user-owned
>>> file:
>>>
>>> [uwsgi]
>>> uid = <username>
>>> gid = <username>
>>> blacklist = uid gid
>>> ini = /home/<username>/uwgsi.ini
>>> end-blacklist =
>>>
>>> Would that be secure or am I overlooking any way for the user
>>> configuration to circumvent uid/gid?
>>> --
>>> Guido Berhoerster
>>>
>>
>> a user could load a "malicious" plugin hooking itself just before
>> privileges drop, so you should disallow "plugin/plugins" too.
>>
>> From a security point of view it is not a good approach, as we could add
>> new options (or aliases) you could overlook (and that should be
>> blacklisted) and so on.
>
> OK, I guess it is a suboptimal approach, I could use a whitelist
> instead but maintaining that would be tedious and difficult to
> get right.
>
>>
>> Any reason to not want tyrant mode? I suppose managing file permissions
>> of vassal's file is the problem...
>
> Yes, I would prefer if it were more explicit.
>
I understand the problem (especially when you copy the vassals to remote nodes). What about using alternative storages for configs? For example storing in postgresql is a handy way (at least for me).

-- 
Roberto De Ioris
http://unbit.it
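
The denylist-versus-allowlist point from the thread, as an added example that is not part of the original messages or of uWSGI itself: a pre-check an administrator could run over a user-supplied vassal file before installing it. The option names in ALLOWED, the sample file and the function names are assumptions made for illustration.

```python
# Added example. ALLOWED is a constructed, illustrative set of options,
# not a vetted list; SAMPLE is a constructed user-owned vassal file.
DENYLIST = {"uid", "gid"}  # the options blacklisted in the first mail
ALLOWED = {"module", "chdir", "processes", "threads", "virtualenv", "env"}


def parse_options(text):
    """Return (lineno, key, value) for every option line of an ini-style file."""
    options = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and section headers.
        if not line or line[0] in ";#" or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        # Keys are compared exactly: no case folding, no alias guessing.
        options.append((lineno, key.strip(), value.strip()))
    return options


def denylist_violations(text, denied=DENYLIST):
    """Options rejected when only known-bad names are listed."""
    return [(n, k) for n, k, _ in parse_options(text) if k in denied]


def allowlist_violations(text, allowed=ALLOWED):
    """Options rejected when everything not explicitly permitted is refused."""
    return [(n, k) for n, k, _ in parse_options(text) if k not in allowed]


SAMPLE = """\
[uwsgi]
module = app:application
processes = 2
plugins = custom_hook
ini = /home/user/extra.ini
future-option = 1
"""

if __name__ == "__main__":
    # The denylist passes the file; the allowlist stops the plugin load,
    # the nested include and an option nobody has reviewed yet.
    print("denylist flags: ", denylist_violations(SAMPLE))
    print("allowlist flags:", allowlist_violations(SAMPLE))
```

A check like this only holds if the emperor reads a root-owned copy of the validated file; a file the user can still edit may change after it was checked.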
