From gogi-itk at gogi.tv  Tue Oct  2 11:29:11 2007
From: gogi-itk at gogi.tv (Giuliano Gagliardi)
Date: Tue, 2 Oct 2007 11:29:11 +0200
Subject: [mpm-itk] The root security issue
In-Reply-To: <200710021045.34422.gogi@gogi.tv>
References: <200709241903.58491.mailinglists@xgm.de>
	<20070924191701.GA21219@uio.no> <200710021045.34422.gogi@gogi.tv>
Message-ID: <200710021129.11835.gogi-itk@gogi.tv>

Hello,

I'm running mpm-itk, but I do not like that apache must run as root. The 
problem obviously cannot be solved on linux yet.

Then I thought that adding something like supplementary user ids (as already 
exists for groups) could solve the problem. Something like this has already 
been suggested on the lkml some years ago 
(http://lkml.org/lkml/1998/7/20/87).

Another solution has been suggested there: Credentials-passing via sockets, 
someone even wrote a patch (http://lkml.org/lkml/1999/4/15/159).

I do not understand why nothing was included in the kernel at that time. Maybe 
there are some fundamental flaws that I do not see? I would also like to know 
whether you like any of these solutions and whether it is advisable to raise 
this issue on lkml again.

Giuliano



From sgunderson at bigfoot.com  Tue Oct  2 11:42:14 2007
From: sgunderson at bigfoot.com (Steinar H. Gunderson)
Date: Tue, 2 Oct 2007 11:42:14 +0200
Subject: [mpm-itk] The root security issue
In-Reply-To: <200710021129.11835.gogi-itk@gogi.tv>
References: <200709241903.58491.mailinglists@xgm.de>
	<20070924191701.GA21219@uio.no> <200710021045.34422.gogi@gogi.tv>
	<200710021129.11835.gogi-itk@gogi.tv>
Message-ID: <20071002094214.GA25703@uio.no>

On Tue, Oct 02, 2007 at 11:29:11AM +0200, Giuliano Gagliardi wrote:
> there are some fundamental flaws that I do not see? I would also like to know 
> whether you like any of these solutions and whether it is advisable to raise 
> this issue on lkml again.

I'm sorry, but I don't really have the technical expertise to comment on any
of these specific proposals.

Having supplementary users would make mpm-itk be able to not run as (very
restricted) root, but it wouldn't solve any of the performance issues, as
we'd have to drop these supplementary users after reading the request, after
which we're back to the current status.

/* Steinar */
-- 
ITK-pang
http://www.sesse.net/