Author: Simon Hobson
Date:
To: dng
Subject: Re: [DNG] systemd allows elevated access from unit files?
Olaf Meeuwissen <paddy-hack@???> wrote:
> No idea whether systemd services run by non-system users makes sense but
> then again, lots of systemd probably doesn't make much sense.
Do you mean "systemd service" as in "something that's part of systemd", or do you mean "something that's run by systemd"?
Assuming the latter, doesn't lots of software run as non-system users - as a basic part of good security practice?
I know some stuff (postfix, apache) starts as root and then drops privileges for some/all of itself. Others just start as a non-privileged user to start with (BIND) - is this actually done in the script when using sysv, or does the daemon have to do it itself? I admit I only have a basic grasp of the details here.
But thinking a bit more about the issue ...
Yes, this is a bug, and yes it shows the systemd people (especially LP) up for the disdain they show for the basics of security, good/defensive programming, etc.
But, sysv-init has much the same issue in that there's a shell script run as root, and if the user is able to manipulate that then he is able to do things he shouldn't be able to. Playing devil's advocate, there's an argument that the "complexity" of typical sysv scripts (at least as shipped with distros like Debian) makes it a non-trivial task to spot something slipped into the script.
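The message above asks whether the privilege drop happens in the init script or inside the daemon. When a daemon does it itself (the postfix/apache pattern of starting as root and then dropping), the sequence below is the one to get right; this is an added example, not code from the thread or from any of the daemons named, and the uid/gid 65534 "nobody" target is an assumption.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop root to uid/gid. Order matters: supplementary groups can
 * only be cleared while still root, and gid must change before uid because
 * an unprivileged uid can no longer call setgid(). 0 on success, -1 on error. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {            /* "dropping" to root is a bug */
        errno = EINVAL;
        return -1;
    }
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    return setuid(uid);                    /* sets real, effective and saved uid */
}

/* 1 if root cannot be regained: effective ids non-zero and a leftover
 * saved-set-uid of 0 does not let setuid(0) succeed; 0 otherwise. */
int privileges_dropped(void)
{
    if (geteuid() == 0 || getegid() == 0)
        return 0;
    return setuid(0) != 0;                 /* must fail after a correct drop */
}

int main(void)
{
    /* Constructed target: 65534 is the conventional "nobody" id on many
     * systems (assumption). If not started as root, re-apply our own ids,
     * a no-op that still exercises the checks. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    int ok = privileges_dropped();
    printf("uid=%u gid=%u root regainable: %s\n",
           (unsigned)getuid(), (unsigned)getgid(), ok ? "no" : "YES");
    return ok ? 0 : 1;
}
```

The final setuid(0) check is the part most daemons skip: a saved-set-uid of 0 left behind by a seteuid()-only "drop" lets any later code path climb straight back to root.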