[ITP] libsuexec 1.0

[Achim Gratz]

D. Boland writes:
>> I still think you should name it differently.  Marco has already mixed
>> it up with Apache suexec…
>
> The idea kind of was to mix it up, so people will know what it does.

Apache suexec is concerned with running new processes as a different
user, so both the "su" and the "exec" part of the name make sense.

Your library is concerned with inserting itself into certain calls to
swap uid/gid so programs expecting a fixed mapping of some uid/gid to
certain capabilities (roughly associated with the concept of a root
user) work without the actual source getting patched on a system where
those assumptions aren't true.  Looks like different thing to me and
giving it a different name surely wouldn't hurt.

> I noticed that you and other people already declare the user switching
> technique half dead. It's a brilliant idea, you know. Because of its
> simplicity.

I did nothing of that sort.  I said that the assumptions some of those
programs make aren't true on many systems and have not been for a long
time.

> It's even patented. By referring to the Apache executable
> I give the technique the glory and attention it deserves.

Attaching to unrelated projects' names for glory is a surefire way to
rile those projects up and sow confusion among users on both sides.

> So most people are thinking 'Capabilities' nowadays... Sigh. This will
> only steer admins away from finding out how user switching works and
> applying it. Instead they will just run entire server processes as
> admin-users.

Again, running applications with the least privileges needed for a given
task is a tried and valid concept.  SWitching uid/gid to achieve that is
an implementation detail that is not relevant to all systems.  Give
SELinux a spin and then come back to me.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

DIY Stuff:
http://Synth.Stromeko.net/DIY.html