[patch] Add setuid helper
Havoc Pennington
hp at redhat.com
Mon Jun 18 08:04:55 PDT 2007
Hi,
Richard Hughes wrote:
> Patch attached adds the setuid helper for system activation. It also
> moves the definitions of the key names in the service files to a better
> location.
>
Some comments:
- it is not necessary to use an underscore prefix on static functions
- I think there may be a STARTER_BUS_TYPE that goes with
STARTER_BUS_ADDRESS (?)
- we are kind of randomly mixing dbus wrappers (_dbus_getenv(), etc.)
with direct API usage (clearenv(), etc.)
The dbus wrappers have two supposed purposes:
- abstraction of any portability issues
- the "vsftpd" security rationale which may be in HACKING or
somewhere; to safety-ize APIs by making them use DBusString
for example, and to generally be able to audit all use of
system libs
Portability issues are minimal here since we are only worried about
unix, but there may be some small ones perhaps.
I'm not sure what to do in this context, on one level it is easier
to audit the suid helper if it has no dependencies at all (no
wrappers), but that isn't achievable since it's using all the
dbus infrastructure (parsers, DBusString, etc.), so maybe we should
go ahead and do things the full "dbus way" and use only wrappers.
Havoc
More information about the dbus
mailing list