List: systemd-devel
Subject: Re: [systemd-devel] Starting transient services securely from other service without root
From: Vašek_Šraier <vaclav.sraier () nic ! cz>
Date: 2022-04-28 17:47:29
Message-ID: c3f93fda269ee22aa33aa407e1bb74d73a4c3b64.camel () nic ! cz
On Thu, 2022-04-28 at 19:53 +0300, Mantas Mikulėnas wrote:
> That didn't stop many of them (including, apparently, systemd itself)
> from doing so anyway.
>
> [...]
>
> I found a bugzilla about
> this: https://bugs.freedesktop.org/show_bug.cgi?id=80921
>
Interesting. The issue also seems to be quite old, meaning it's probably
not a problem in practice.
I've looked into it further and I've found another roadblock with
polkit. I don't think it is possible to write a rule which would say
something like:
    if (action == start transient service &&
        invokedByUser == 'knot-resolver' &&
        the service will have at most these capabilities &&
        the service will run as user 'knot-resolver')
        return YES
The second two quarters of the condition seem impossible. It seems that
only the unit name and a verb (start/stop/...) are provided to the
polkit rule, nothing more:
https://github.com/systemd/systemd/blob/6ef00eb846a89558ad46d2937addd8ea952b7062/src/core/dbus-util.c#L136-L139
So while the rule could allow us to start a new transient service
without root privileges, it wouldn't prevent us from running arbitrary
code as root. :(
Vašek
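The following is an added example, not code from the thread or from systemd/polkit. It is a small Node-runnable stand-in for polkit's JavaScript rule engine, written to show concretely why a rule for org.freedesktop.systemd1.manage-units cannot express the last two conditions of the wished-for rule: per the dbus-util.c lines linked above, systemd attaches only the "unit" and "verb" details to the polkit check, so the properties of a transient unit (User=, CapabilityBoundingSet=, ExecStart=) are invisible to the rule. The `polkit.addRule`, `action.id`, `action.lookup(key)`, `subject.user` and `polkit.Result` names are the real polkit rule API; the `evaluate` loop, `makeAction`, `decide`, the "auth_admin" fallback and the sample requests are assumptions constructed for this harness.

```javascript
// Minimal stand-in for polkit's rule engine (constructed harness, not polkit).
const polkit = {
  _rules: [],
  // Same values polkit exposes as polkit.Result.*
  Result: { YES: "yes", NO: "no", NOT_HANDLED: null },
  addRule(fn) { this._rules.push(fn); },
  // polkit evaluates rules in order; the first non-null return decides,
  // otherwise the action's default policy applies (assumed here: auth_admin).
  evaluate(action, subject) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== null && r !== undefined) return r;
    }
    return "auth_admin";
  },
};

// Build the `action` object the way systemd's manage-units check presents it:
// only the "unit" and "verb" details are attached, nothing about the unit's
// properties (constructed to mirror the dbus-util.c lines cited in the mail).
function makeAction(unit, verb) {
  const details = { unit, verb };
  return {
    id: "org.freedesktop.systemd1.manage-units",
    lookup: (key) => (key in details ? details[key] : null),
  };
}

// The closest rule polkit lets us write: restrict by caller, verb and unit
// name. Conditions on capabilities or the service's User= cannot be written,
// because action.lookup() has no such keys.
polkit.addRule(function (action, subject) {
  if (action.id !== "org.freedesktop.systemd1.manage-units") return polkit.Result.NOT_HANDLED;
  if (subject.user !== "knot-resolver") return polkit.Result.NOT_HANDLED;
  const unit = action.lookup("unit") || "";
  const verb = action.lookup("verb");
  if (verb === "start" && unit.startsWith("knot-resolver-")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});

// Model a StartTransientUnit request: `properties` is what the caller asks
// systemd to apply to the new unit, but it never reaches the polkit rule.
function decide(request) {
  const action = makeAction(request.unit, "start");
  return polkit.evaluate(action, { user: request.caller });
}

// Two constructed requests that differ only in the unit properties.
const restricted = {
  caller: "knot-resolver",
  unit: "knot-resolver-worker1.service",
  properties: { User: "knot-resolver", CapabilityBoundingSet: "CAP_NET_BIND_SERVICE" },
};
const unrestricted = {
  caller: "knot-resolver",
  unit: "knot-resolver-worker1.service",
  properties: { User: "root" },
};

// Both get the same answer: the rule cannot tell them apart.
console.log("restricted  :", decide(restricted));    // yes
console.log("unrestricted:", decide(unrestricted));  // yes
// Caller or unit-name mismatches do fall through to the default policy.
console.log("other caller:", decide({ caller: "nobody", unit: "knot-resolver-x.service", properties: {} }));
console.log("other unit  :", decide({ caller: "knot-resolver", unit: "sshd.service", properties: {} }));
```

The point of the harness is the two identical "yes" results for `restricted` and `unrestricted`: whatever filtering the rule does on `subject.user`, the verb and the unit name, the decision is independent of the requested User= or capability set, which is exactly why a polkit rule of this shape cannot be used to grant a non-root caller "transient services, but only de-privileged ones".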