* Roberto De Ioris <[email protected]> [2013-03-27 15:26]:
>
>> * Roberto De Ioris <[email protected]> [2013-03-27 14:09]:
>>>
>>>>
>>>> Could the new blacklist/whitelist options be used as an
>>>> alternative to tyrant mode? I'm thinking of running the emperor
>>>> with
>>>>
>>>> [uwsgi]
>>>> uid = uwsgi
>>>> gid = uwsgi
>>>> umask = 022
>>>> pidfile = /var/run/uwsgi/uwsgi.pid
>>>> daemonize = /var/log/uwsgi.log
>>>> log-date = true
>>>> emperor = /etc/uwsgi.d
>>>> cap = setgid,setuid
>>>>
>>>> and then create for each user a root-owned file
>>>> /etc/uwsgi.d/user-<username>.ini which only includes a user-owned
>>>> file:
>>>>
>>>> [uwsgi]
>>>> uid = <username>
>>>> gid = <username>
>>>> blacklist = uid gid
>>>> ini = /home/<username>/uwgsi.ini
>>>> end-blacklist =
>>>>
>>>> Would that be secure or am I overlooking any way for the user
>>>> configuration to circumvent uid/gid?
>>>> --
>>>> Guido Berhoerster
>>>>
>>>
>>> A user could load a "malicious" plugin hooking itself just before
>>> privileges drop, so you should disallow "plugin/plugins" too.
>>>
>>> From a security point of view it is not a good approach, as we could add
>>> new options (or aliases) you could overlook (and that should be
>>> blacklisted) and so on.
>>
>> OK, I guess it is a suboptimal approach, I could use a whitelist
>> instead but maintaining that would be tedious and difficult to
>> get right.
>>
>>>
>>> Any reason to not want tyrant mode? I suppose managing file permissions
>>> of vassal's file is the problem...
>>
>> Yes, I would prefer if it were more explicit.
>>
>
> I understand the problem (especially when you copy the vassals to remote
> nodes). What about using alternative storages for configs? For example
> storing in postgresql is a handy way (at least for me).

That would be overkill in my case and it's not a huge problem.

Thinking about it, would it be possible to determine file ownership in
tyrant mode through lstat rather than stat? I suppose that would allow
something like using --emperor='/home/*/uwsgi.ini' --emperor-tyrant
safely? Currently it is a bit ugly that one has to create a root-owned
container directory somewhere for vassal configuration files since one
usually does not want user-owned files in /etc.
--
Guido Berhoerster
_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
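
The stat/lstat distinction raised in the last message, as an added example (not uWSGI code and not written by anyone in the thread): `stat()` describes the file a symlink points to, while `lstat()` describes the link itself, so an ownership lookup gives different answers when a config path is a symlink. The helper name `config_owner` and the temporary paths are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* for lstat(), symlink(), mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

struct owner { uid_t uid; gid_t gid; int is_symlink; };

/* Hypothetical helper (not a uWSGI function): look up who owns `path`.
 * nofollow=1 uses lstat() and describes the directory entry itself;
 * nofollow=0 uses stat() and describes whatever a symlink points to. */
int config_owner(const char *path, int nofollow, struct owner *o) {
    struct stat st;
    if ((nofollow ? lstat(path, &st) : stat(path, &st)) != 0)
        return -1;
    o->uid = st.st_uid;
    o->gid = st.st_gid;
    o->is_symlink = S_ISLNK(st.st_mode) ? 1 : 0;
    return 0;
}

/* Constructed layout in a private temp dir: target.ini and uwsgi.ini -> target.ini.
 * Returns a bitmask: bit 0 = lstat() saw a symlink, bit 1 = stat() saw a symlink;
 * -1 on setup failure. */
int demo(void) {
    char dir[] = "/tmp/vassal-demo-XXXXXX";
    char target[64], lnk[64];
    struct owner by_lstat, by_stat;
    int result = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target.ini", dir);
    snprintf(lnk, sizeof lnk, "%s/uwsgi.ini", dir);
    FILE *f = fopen(target, "w");
    if (f != NULL) {
        fputs("[uwsgi]\n", f);
        fclose(f);
        if (symlink(target, lnk) == 0 &&
            config_owner(lnk, 1, &by_lstat) == 0 &&
            config_owner(lnk, 0, &by_stat) == 0) {
            result = by_lstat.is_symlink | (by_stat.is_symlink << 1);
            printf("lstat: uid=%ld symlink=%d | stat: uid=%ld symlink=%d\n",
                   (long)by_lstat.uid, by_lstat.is_symlink,
                   (long)by_stat.uid, by_stat.is_symlink);
        }
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Run unprivileged, both lookups print the same uid because one user created both entries; the uid reported by `stat()` changes only when the link's target belongs to someone else, which is the case the lstat-based lookup is meant to ignore.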
