Re: syscall: sys_promote

From: qiyong
Date: Sun Aug 28 2005 - 22:56:14 EST

Next message: Trond Myklebust: "Re: [PATCH] make radix tree gang lookup faster by using a bitmapsearch"
Previous message: qiyong: "Re: syscall: sys_promote"
In reply to: Erik Mouw: "Re: syscall: sys_promote"
Next in thread: Bernd Petrovitsch: "Re: syscall: sys_promote"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Erik Mouw wrote:

On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote:

I just wrote a tool with kernel patch, which is to set the uid's of a running
process without FORK.

The tool is at http://users.freeforge.net/~coywolf/pub/promote/
Usage: promote <pid> [uid]

I once need such a tool to work together with my admin in order to tune my web
configuration. I think it's quite convenient sometimes.

The situations I can image are:

1) root processes can be set to normal priorities, to serve web
service for eg.

Most (if not all) web servers can be told to drop all privileges and
run as a normal user. If not, you can use selinux to create a policy
for such processes (IIRC that's what Fedora does).

In this way, it's that the web servers themselves drop the privileges, not forced by sysadmin. sys_promote is a new approach different from selinux or sudo. sys_promote is manipulating a already running process, while selinux or sudo is for the next launching process.

2) admins promote trusted users, so they can do some system work without knowing
the password

Use sudo for that, it allows even much finer grained control.

sudo may become a security problem. Sysadmin and the user don't like the user's account
always have priorities. My sysadmin Hommel says this to me:

[quote]

Alan is right, selinux can do things like that, but we don't want to
use selinux for only being able to "promote" root rights for some
simple job. To me it's more like a "one time sudo", and i consider it
generally useful on systems like zeus. Without the promote tool i'd
have to change some major parts in the system (implementing selinux
e.g.) or give permanent sudo/root permissions to a user.

[/quote]

3) admins can `promote' a suspect process instead of killing it.

Why would that change anything? You only change a process's UID,
nothing else. You don't change things like resource limits, so a
process started as root with unlimited limits is still allowed to use
those limits. AFAIK setrlimit() can't be used to change resource limits
of other processes.

Erik

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Trond Myklebust: "Re: [PATCH] make radix tree gang lookup faster by using a bitmapsearch"
Previous message: qiyong: "Re: syscall: sys_promote"
In reply to: Erik Mouw: "Re: syscall: sys_promote"
Next in thread: Bernd Petrovitsch: "Re: syscall: sys_promote"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]