On 11.10.2010 18:23, Gilles Chanteperdrix wrote:
> Jan Kiszka wrote:
>> On 11.10.2010 18:11, Anders Blomdell wrote:
>>> We are planning to extend our use of xenomai to a wider audience at our
>>> department, and therefore I would like to know which is the better way to
>>> let users run xenomai programs with a minimum of system privileges. The
>>> possibilities I can see are:
>>>
>>> 1. Let the user run anything as root; simple but obviously a security
>>> nightmare.
>>> 2. Write a suid program that lets its children inherit the right
>>> capabilities and then does a seteuid and does an execve; unfortunately
>>> this implies that the program that is execve'd has the right capabilities
>>> set [which has to be done by the suid program as well], and this can only
>>> be done on filesystems that can have extended attributes (i.e. no FAT,
>>> NFS, etc).
>>> 3. Write a suid program that drops all unneeded privileges and then use
>>> dlopen and friends to execute the user code.
>>>
>>> I guess that there exist better ways, so somebody please enlighten me.
>>>
>>
>> A bit better, but not perfect:
>>
>> http://www.xenomai.org/index.php/Non-root_RT
>>
>> Combining this with mediated hardware access (robust drivers) and
>> enabling the Xenomai watchdog should provide a reasonably safe & secure
>> environment.
>
> AFAIK, the BIG FAT warning at the bottom of this page still applies. You
> can make an environment with no hardware lockups, but secure, I do not
> think so. We do not know how Xenomai APIs could be exploited for a
> non-root user to become root.
For sure, no one has audited the interface for security so far. There is no hole in the design that comes to my mind ATM, but I would be surprised as well if you couldn't develop an exploit for some bug or missing check. Still, there is a huge difference between giving anyone root access and confining Xenomai access this way.

Jan

--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

_______________________________________________
Xenomai-help mailing list
[email protected]
https://mail.gna.org/listinfo/xenomai-help
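Anders' option 2, the setuid launcher that drops root and hands the user's program only the capabilities it needs, written out as an added example (not code from this thread, from Xenomai, or from the Non-root_RT page). It assumes CAP_SYS_NICE is the one capability the real-time program needs; check the Non-root_RT page for your Xenomai version and adjust the `needed` list. The extended-attribute problem Anders describes (the execve'd binary must itself carry file capabilities) goes away on kernels with ambient capabilities (Linux 4.3 and later): a capability raised into the ambient set survives execve() into an unprivileged binary on any filesystem. That mechanism did not exist when the thread was written.

```c
/* rt-launch.c: setuid-root launcher that becomes the invoking user, keeps only
 * CAP_SYS_NICE, raises it into the ambient set and execs the user's program.
 * Added example for this page, not Xenomai project code. Assumption: the only
 * capability the target needs is CAP_SYS_NICE. Build: cc -O2 -o rt-launch
 * rt-launch.c; install: chown root rt-launch && chmod 4755 rt-launch. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <grp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#endif

/* Values from linux/capability.h and linux/prctl.h, restated so this file
 * builds without the kernel headers; v3 capability sets are two 32-bit words. */
#ifndef CAP_SYS_NICE
#define CAP_SYS_NICE 23
#endif
#define LINUX_CAPABILITY_VERSION_3 0x20080522
#ifndef PR_SET_KEEPCAPS
#define PR_SET_KEEPCAPS 8
#endif
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif

struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };

/* Map a capability number onto (word, bit) of the two-word v3 layout. */
int cap_word(int cap) { return cap / 32; }
uint32_t cap_bit(int cap) { return 1u << (cap % 32); }

/* Fill d[2] with exactly the listed capabilities in effective, permitted and
 * inheritable (all three are required before an ambient raise is allowed).
 * Returns the number of capabilities set, or -1 if one is outside 0..63. */
int build_capdata(struct cap_data d[2], const int *caps, size_t ncaps) {
    memset(d, 0, 2 * sizeof *d);
    for (size_t i = 0; i < ncaps; i++) {
        if (caps[i] < 0 || caps[i] > 63) return -1;
        uint32_t bit = cap_bit(caps[i]);
        d[cap_word(caps[i])].effective   |= bit;
        d[cap_word(caps[i])].permitted   |= bit;
        d[cap_word(caps[i])].inheritable |= bit;
    }
    return (int)ncaps;
}

/* True if `cap` is in the permitted set of a two-word capability array. */
int capdata_has(const struct cap_data d[2], int cap) {
    return (d[cap_word(cap)].permitted & cap_bit(cap)) != 0;
}

#ifdef __linux__
/* Drop from root to uid/gid while keeping only `caps`. Order matters:
 * KEEPCAPS before the uid change (otherwise setuid clears permitted), capset
 * after it (effective is cleared by setuid), ambient raise last (needs the
 * capability in both permitted and inheritable). Returns 0 or -1 with errno. */
int drop_to_user_keeping(uid_t uid, gid_t gid, const int *caps, size_t ncaps) {
    struct cap_hdr h = { LINUX_CAPABILITY_VERSION_3, 0 };
    struct cap_data d[2];
    if (build_capdata(d, caps, ncaps) < 0) { errno = EINVAL; return -1; }
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    if (setgroups(0, NULL) < 0) return -1;        /* no inherited root groups */
    if (setresgid(gid, gid, gid) < 0) return -1;
    if (setresuid(uid, uid, uid) < 0) return -1;  /* saved uid too: no way back */
    if (syscall(SYS_capset, &h, d) < 0) return -1;
    for (size_t i = 0; i < ncaps; i++)
        if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, caps[i], 0, 0) < 0)
            return -1;
    return 0;
}
#endif

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
#ifdef __linux__
    static const int needed[] = { CAP_SYS_NICE };  /* assumption, see above */
    /* getuid() is the real uid: the user who ran the setuid binary. */
    if (drop_to_user_keeping(getuid(), getgid(), needed, 1) < 0) {
        perror("drop privileges");
        return 1;
    }
    if (getuid() == 0 || geteuid() == 0) {         /* belt and braces */
        fputs("refusing to exec while still root\n", stderr);
        return 1;
    }
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 1;
#else
    fputs("Linux only: needs capset(2) and PR_CAP_AMBIENT\n", stderr);
    return 1;
#endif
}
```

Two caveats that follow from the thread rather than from the code: CAP_SYS_NICE is enough for a SCHED_FIFO busy loop to starve the machine, which is why Jan pairs the non-root setup with the Xenomai watchdog; and confining a user to CAP_SYS_NICE plus a device group only narrows the exposure to the Xenomai interface itself, which, as Gilles and Jan say, has not been audited.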
