> * Roberto De Ioris <[email protected]> [2013-03-27 15:26]:
>>
>>> * Roberto De Ioris <[email protected]> [2013-03-27 14:09]:
>>>>
>>>>>
>>>>> Could the new blacklist/whitelist options be used as an
>>>>> alternative to tyrant mode? I'm thinking of running the emperor
>>>>> with
>>>>>
>>>>> [uwsgi]
>>>>> uid = uwsgi
>>>>> gid = uwsgi
>>>>> umask = 022
>>>>> pidfile = /var/run/uwsgi/uwsgi.pid
>>>>> daemonize = /var/log/uwsgi.log
>>>>> log-date = true
>>>>> emperor = /etc/uwsgi.d
>>>>> cap = setgid,setuid
>>>>>
>>>>> and then create for each user a root-owned file
>>>>> /etc/uwsgi.d/user-<username>.ini which only includes a user-owned
>>>>> file:
>>>>>
>>>>> [uwsgi]
>>>>> uid = <username>
>>>>> gid = <username>
>>>>> blacklist = uid gid
>>>>> ini = /home/<username>/uwgsi.ini
>>>>> end-blacklist =
>>>>>
>>>>> Would that be secure or am I overlooking any way for the user
>>>>> configuration to circumvent uid/gid?
>>>>> --
>>>>> Guido Berhoerster
>>>>>
>>>>
>>>> a user could load a "malicious" plugin hooking itself just before
>>>> privileges drop, so you should disallow "plugin/plugins" too.
>>>>
>>>> From a security point of view it is not a good approach, as we could
>>>> add new options (or aliases) you could overlook (and that should be
>>>> blacklisted) and so on.
>>>
>>> OK, I guess it is a suboptimal approach, I could use a whitelist
>>> instead but maintaining that would be tedious and difficult to
>>> get right.
>>>
>>>>
>>>> Any reason to not want tyrant mode ? I suppose managing file
>>>> permissions of vassal's file is the problem...
>>>
>>> Yes, I would prefer if it were more explicit.
>>>
>>
>> I understand the problem (especially when you copy the vassals to remote
>> nodes). What about using alternative storages for configs ? For example
>> storing in postgresql is a handy way (at least for me).
>
> That would be overkill in my case and it's not a huge problem.
> Thinking about it, would it be possible to determine file
> ownership in tyrant mode through lstat rather than stat? I
> suppose that would allow something like using
> --emperor='/home/*/uwsgi.ini' --emperor-tyrant safely? Currently
> it is a bit ugly that one has to create a root-owned container
> directory somewhere for vassal configuration files since one
> usually does not want user-owned files in /etc.
> --
> Guido Berhoerster

Yes, I think --emperor-tyrant-use-symlink/--emperor-tyrant-lstat would be
a good option to have

--
Roberto De Ioris
http://unbit.it
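
The difference between the two lookups discussed in this thread, as an added example (not part of the original messages and not uWSGI code): for each vassal config matched by a glob it reports the owner seen by lstat (the directory entry itself) and by stat (whatever the entry resolves to), and lists the symlinks where the two disagree. The demo tree and its user names are constructed; because a single user builds it, only the dangling link is listed there.

```python
import glob
import os
import stat
import tempfile


def owners(path):
    """Return (is_symlink, lstat_owner, stat_owner) for one vassal config.

    lstat_owner is (uid, gid) of the directory entry itself; stat_owner is
    (uid, gid) of what the entry resolves to, or None for a dangling link.
    """
    link = os.lstat(path)
    try:
        target = os.stat(path)
        stat_owner = (target.st_uid, target.st_gid)
    except FileNotFoundError:
        stat_owner = None
    return stat.S_ISLNK(link.st_mode), (link.st_uid, link.st_gid), stat_owner


def audit(pattern):
    """List configs for which stat and lstat report different owners."""
    findings = []
    for path in sorted(glob.glob(pattern)):
        is_link, lstat_owner, stat_owner = owners(path)
        if is_link and stat_owner != lstat_owner:
            findings.append((path, lstat_owner, stat_owner))
    return findings


def build_demo_tree():
    """Constructed sample layout: three home directories under a temp root."""
    root = tempfile.mkdtemp(prefix="vassals-")
    for user in ("alice", "bob", "carol"):
        os.mkdir(os.path.join(root, user))
    real = os.path.join(root, "alice", "uwsgi.ini")
    with open(real, "w") as fh:
        fh.write("[uwsgi]\n")
    # bob: link that resolves (same owner in this single-user demo)
    os.symlink(real, os.path.join(root, "bob", "uwsgi.ini"))
    # carol: dangling link, so stat has no owner to report
    os.symlink(os.path.join(root, "missing.ini"),
               os.path.join(root, "carol", "uwsgi.ini"))
    return root


if __name__ == "__main__":
    pattern = os.path.join(build_demo_tree(), "*", "uwsgi.ini")
    for path in sorted(glob.glob(pattern)):
        print(path, owners(path))
    print("stat/lstat disagree:", audit(pattern))
```
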
