* Roberto De Ioris [2013-03-27 15:57]:
>
>> * Roberto De Ioris [2013-03-27 15:26]:
>>>
>>>> * Roberto De Ioris [2013-03-27 14:09]:
>>>>>
>>>>>>
>>>>>> Could the new blacklist/whitelist options be used as an
>>>>>> alternative to tyrant mode? I'm thinking of running the emperor
>>>>>> with
>>>>>>
>>>>>> [uwsgi]
>>>>>> uid = uwsgi
>>>>>> gid = uwsgi
>>>>>> umask = 022
>>>>>> pidfile = /var/run/uwsgi/uwsgi.pid
>>>>>> daemonize = /var/log/uwsgi.log
>>>>>> log-date = true
>>>>>> emperor = /etc/uwsgi.d
>>>>>> cap = setgid,setuid
>>>>>>
>>>>>> and then create for each user a root-owned file
>>>>>> /etc/uwsgi.d/user-<username>.ini which only includes a user-owned
>>>>>> file:
>>>>>>
>>>>>> [uwsgi]
>>>>>> uid = <username>
>>>>>> gid = <username>
>>>>>> blacklist = uid gid
>>>>>> ini = /home/<username>/uwgsi.ini
>>>>>> end-blacklist =
>>>>>>
>>>>>> Would that be secure or am I overlooking any way for the user
>>>>>> configuration to circumvent uid/gid?
>>>>>> --
>>>>>> Guido Berhoerster
>>>>>>
>>>>>
>>>>> A user could load a "malicious" plugin hooking itself just before
>>>>> privileges drop, so you should disallow "plugin/plugins" too.
>>>>>
>>>>> From a security point of view it is not a good approach, as we could
>>>>> add new options (or aliases) you could overlook (and that should be
>>>>> blacklisted) and so on.
>>>>
>>>> OK, I guess it is a suboptimal approach, I could use a whitelist
>>>> instead but maintaining that would be tedious and difficult to
>>>> get right.
>>>>
>>>>>
>>>>> Any reason to not want tyrant mode? I suppose managing file
>>>>> permissions of vassal's file is the problem...
>>>>
>>>> Yes, I would prefer if it were more explicit.
>>>>
>>>
>>> I understand the problem (especially when you copy the vassals to remote
>>> nodes). What about using alternative storages for configs? For example
>>> storing in postgresql is a handy way (at least for me).
>>
>> That would be overkill in my case and it's not a huge problem.
>> Thinking about it, would it be possible to determine file
>> ownership in tyrant mode through lstat rather than stat? I
>> suppose that would allow something like using
>> --emperor='/home/*/uwsgi.ini' --emperor-tyrant safely? Currently
>> it is a bit ugly that one has to create a root-owned container
>> directory somewhere for vassal configuration files since one
>> usually does not want user-owned files in /etc.
>> --
>> Guido Berhoerster
>
>
> Yes, I think --emperor-tyrant-use-symlink/--emperor-tyrant-lstat would be
> a good option to have

Maybe --emperor-tyrant-nofollow?
--
Guido Berhoerster
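
The stat/lstat distinction discussed in this thread, as an added example that is not part of the original messages and not uWSGI's code: stat() reports the owner of whatever a symlink resolves to, while lstat() reports the owner of the link itself. The names vassal_owner and make_sample_link are hypothetical, and the symlink is a constructed sample.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* lstat, symlink, mkdtemp under strict -std= */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not uWSGI's code: look up the uid/gid that an
 * ownership-based (tyrant-style) emperor would give the vassal at `path`.
 * nofollow == 0: stat(), owner of whatever the path resolves to.
 * nofollow != 0: lstat(), owner of the directory entry itself.
 * Returns 0 on success, -1 if the path cannot be examined. */
int vassal_owner(const char *path, int nofollow, uid_t *uid, gid_t *gid) {
    struct stat st;
    int rc = nofollow ? lstat(path, &st) : stat(path, &st);
    if (rc != 0) return -1;
    *uid = st.st_uid;
    *gid = st.st_gid;
    return 0;
}

/* Constructed sample: <tmpdir>/uwsgi.ini created as a symlink to `target`.
 * Stores the link path in `out`; returns 0 on success. */
int make_sample_link(const char *target, char *out, size_t outlen) {
    char dir[] = "/tmp/vassal-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(out, outlen, "%s/uwsgi.ini", dir);
    return symlink(target, out);
}

int main(void) {
    char path[128];
    uid_t uid; gid_t gid;
    /* "/" stands in for any path that the link's creator does not own. */
    if (make_sample_link("/", path, sizeof path) != 0) return 1;
    if (vassal_owner(path, 0, &uid, &gid) == 0)
        printf("stat : uid=%ld gid=%ld (owner of the target)\n", (long)uid, (long)gid);
    if (vassal_owner(path, 1, &uid, &gid) == 0)
        printf("lstat: uid=%ld gid=%ld (owner of the link)\n", (long)uid, (long)gid);
    unlink(path);
    *strrchr(path, '/') = '\0'; rmdir(path);   /* remove the temp dir */
    return 0;
}
```

Run as an unprivileged user, the two lines differ: the stat() result is the owner of "/", the lstat() result is the user who created the link.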
