[PATCH] libmbim-glib,proxy: add a configure flag to set the UID of MBIM proxy
aleksander at aleksander.es
Wed Nov 5 10:49:04 PST 2014
On Wed, Nov 5, 2014 at 7:40 PM, Roshan Pius <rpius at chromium.org> wrote:
> Currently, the MBIM proxy process assumes that it is run as root UID and
> that all incoming client connection UIDs are also root.
> However, it's not always preferable to run the MBIM proxy as root for
> security reasons. On some platforms, the MBIM proxy could be constrained
> to run as a less-privileged user and specially granted the permission to
> access the MBIM device. So, adding a compile time flag in libmbim to check
> for the specified UID, rather than assume it to be the root UID. If the flag is
> not sent, it'll revert to the existing behaviour of checking for UID=0(i.e root)
Looks good, but, wouldn't it be better to instead of restricting to a
specific UID number, we restrict it to a given username? i.e. to later
retrieve the UID from username using getpwnam() and such.
More information about the libmbim-devel