set user id for service ?
Scott James Remnant
scott at netsplit.com
Tue Sep 19 17:46:01 PDT 2006
On Tue, 2006-09-19 at 15:43 -0400, David Zeuthen wrote:
> On Sat, 2006-09-16 at 01:48 +0100, Scott James Remnant wrote:
> > GNOME Power Manager is an example of something that does one thing,
> > dealing with power management, and does it well.
> One question: how can you trust the events that g-p-m would send to
> upstart are genuine? Ie. how do you ensure that they don't come from a
> malicious attacker? Seems like you can't do this securely...
If a malicious attacker has root, you already have bigger problems.
One of the reasons upstart has its own IPC is so that it can obtain the
pid and, more importantly, uid of the process sending the message.
It never runs anything the requester doesn't have permission,
themselves, to run.
> > The one thing that it cannot do, at least with the current design (and
> > I've no plans, unless someone wants it), is:
> > * start a service or task inside an existing user's existing session
> > I'd argue that's the job of the session manager; or volume manager,
> > which appears to be doing a lot of this kind of thing.
> Right. That's, for example, why I filed
> for g-p-m to run user scripts when significant events happen.
I would say that this is an excellent example of where upstart slots in.
Why do we need yet _another_ *.d directory, with yet more semantics
about how it works?
Why does yet another daemon need to gain the ability to iterate scripts,
with yet more naming semantics (ie. ignoring *.dpkg-old) and having the
same bugs that others do, such as leaking file descriptors, not killing
or reaping the process correctly, and so on.
g-p-m should arrange for upstart to be notified of the event, probably
just through the dbus messages that announce these changes, and let the
dedicated service/task manager process take care of running the scripts.
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?