:: Re: [DNG] snetaid debs...
Author: aitor
Date:  
To: dng
Subject: Re: [DNG] snetaid debs...
Hi Edward,

On 11/23/21 10:22 PM, Edward Bartolo via Dng wrote:
> Dear Aitor,
> There are no hard feelings from me, notwithstanding my project is now
> defunct. I would like to thank you for adopting it in your own way to
> modernise it so that it can be secure and enjoyed by everyone.
> Sincerely, thanks for all your time and dedication. Thanks to Devuan,
> I am using what was known as Debian without the burden of systemd.


You gave me the base to work upon. Didier Kryn also gave me some good ideas
working on hopman that have been really useful for simple-netaid.


> As you clearly indicate, the old version uses an SUID executable to
> get root privileges which is a security hole which Devuan did very
> well to close, even though it broke my latest version of
> simple-netaid-*. In my limited use case, I worked around the breakage
> by removing the GUI component and using only the backend as root. It
> works in my case, but other users may require more functionality,
> which thanks to people like you, they can have. Sincerely, THANKS for
> your time and effort.


Now the shared library sends a signal to the daemon as a reminder
for client connection requests to be listened to on the server socket.
The cap_kill Linux capability allows the shared library to send this signal
to the daemon (a process running with root privileges) and be successful.
And last, the daemon gets the credentials from the received data before
going ahead with the task requested. Have a look at read_arguments() in
snetaid (lines 1056 - 1156):

https://gitea.devuan.dev/aitor_czr/snetaid/src/branch/master/src/main.c

> Regarding the idea of importing functionality from your libraries to
> let my latest version of simple-netaid-* connect without the
> requirement of an SUID tag, although it can be done, there is no need
> for Devuan, as users can already use your project.


I'm a bit stubborn, though :)

Cheers,

Aitor.