Author: Edward Bartolo
Date:
To: Tobias Hunger
CC: dng, aitor_czr
Subject: Re: [DNG] netman GIT project

Actually, you can do away with using a root SUID for the backend, as that
was initially how netman was designed. However, there were complaints
that I was adding an extra dependency, which was simply a dependency on
sudo being installed. Moreover, my initial proposal, which worked, used
sudo in a way that only allowed the backend to run; so, it was NOT
configured the way sudo is on Ubuntu.

Regarding the backend calling external processes, this is done through
execl and popen. Calls to external processes were modified as soon as
I uploaded my unfinished code the first time. There were justified
claims like yours that there were security issues with my code. I
heeded that advice by actually letting other developers modify the
code so that security would not be compromised.

Edward

On 08/09/2015, Tobias Hunger <tobias.hunger@???> wrote:
> On 08.09.2015 08:40, "Edward Bartolo" <edbarx@???> wrote:
>> And:
>> backend's SUID will be changed to that belonging to root. (as root:
>> chmod u+s backend)
>
> Suid root is a huge security risk, especially when handling user input and
> when calling out to external processes. Your back end does both:-/
>
> So I am wondering: Is the network capability enough or do you really need
> the binary to be suid root?
>
> Best Regards,
> Tobias
>
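
Added example, not part of the original thread and not netman's code: one way a privileged helper can handle the two risks raised above (user input and calls to external processes) is to validate the input against a strict allowlist and run the external tool through fork/execve with a fixed argv and a minimal environment instead of popen. The function names, the `ip link show` call and the `/sbin/ip` path are assumptions made for illustration.

```c
/* Added example (not netman code); all names here are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow 1..15 chars of [A-Za-z0-9_.-] (Linux IFNAMSIZ is 16 with the NUL).
 * A leading '-' is refused so the name can never be parsed as an option. */
int valid_ifname(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 15 || s[0] == '-' || !strcmp(s, ".") || !strcmp(s, ".."))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr("_.-", s[i]))
            return 0;
    return 1;
}

/* Run an absolute-path program with a fixed argv and a minimal environment.
 * No shell is involved, so metacharacters in arguments are never interpreted.
 * Returns the child's exit status, or -1 on failure. */
int run_fixed(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int status;
    pid_t pid;

    if (path[0] != '/')
        return -1;                      /* never search $PATH */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);  /* caller's environment is dropped */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical backend action: validate first, then exec with a fixed argv. */
int show_link(const char *ifname)
{
    if (!valid_ifname(ifname))
        return -1;
    char *const cmd[] = { "ip", "link", "show", "dev", (char *)ifname, NULL };
    return run_fixed("/sbin/ip", cmd);  /* assumed tool path */
}
```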