Autor: Simon Hobson Datum: To: dng@lists.dyne.org Betreff: Re: [DNG] systemd allows elevated access from unit files?
Olaf Meeuwissen <paddy-hack@???> wrote:
>> But, sysv-init has much the same issue in that there's a shell script
>> run as root,
>
> I beg to differ. If you try to run a service as user '0day' from a
> sysv-init script, then you get the behaviour of implemented by
>
> - that service if it has provisions for running as a certain user
> - the wrapper that handles running something as a certain user,
> e.g. start-stop-daemon
>
> I don't know what that behaviour is but sure hope it won't decide to
> run as root if you try to run something with a "funny" name.
Sorry, my bad wording there. I wasn't thinking of the "doesn't match what I'm wanting so do something stupid" case, I was thinking more of (as was hypothesised) a user getting the admin to install a system startup script/config file and getting root privileges because the admin didn't spot something.
In the case that started this thread, the user does it by having a valid ID that systemd doesn't think is valid; in the sysv-init case, potentially by obfuscating something into the init script. I'm thinking in terms of making it look like start-stop-daemon is being told to use the user's ID, but perhaps through some obscure code, the user has reset the variable between it being set at the top of the script and it being used. And the script is run as root so there's scope for malpractice before the service itself is started even if it is with the right user privileges.
Certainly not in the same category, but there's scope for issues if the admin isn't careful.
>> and if the user is able to manipulate that then he is able to do
>> things he shouldn't be able to. Playing devil's advocate, there's an
>> argument that the "complexity" of typical sysv scripts (at least as
>> shipped with distros like Debian) makes it a non-trivial task to spot
>> something slipped into the script.
>
> Perhaps the complexity came about as the result of trying to make one
> size fit all init systems or maybe over-engineering but, to be honest, I
> don't find the 65 /etc/init.d/* files (not counting README and skeleton)
> on my system to be too complex.
Indeed. I don't think it's the number of scripts, but the length and complexity of some of them. IMO systemd really isn't any less complex - it's just that they've moved the complexity into a binary blob and thus reduced the flexibility.
I don't think I'll get much argument that sysv-init scripts allow a great deal of freedom and flexibility (including adding debugging statements such as "echo 'I got here' >> /tmp/myscriptlog") !