[PATCH] libmbim-glib,proxy: add a configure flag to set the UID of MBIM proxy

Dan Williams dcbw at redhat.com
Wed Nov 5 11:31:55 PST 2014


On Wed, 2014-11-05 at 19:49 +0100, Aleksander Morgado wrote:
> On Wed, Nov 5, 2014 at 7:40 PM, Roshan Pius <rpius at chromium.org> wrote:
> > Currently, the MBIM proxy process assumes that it is run as root UID and
> > that all incoming client connection UIDs are also root.
> > However, it's not always preferable to run the MBIM proxy as root for
> > security reasons. On some platforms, the MBIM proxy could be constrained
> > to run as a less-privileged user and specially granted the permission to
> > access the MBIM device. So, adding a compile time flag in libmbim to check
> > for the specified UID, rather than assume it to be the root UID. If the flag is
> > not set, it'll revert to the existing behaviour of checking for UID=0 (i.e. root).
> 
> 
> Looks good, but, wouldn't it be better to instead of restricting to a
> specific UID number, we restrict it to a given username? i.e. to later
> retrieve the UID from username using getpwnam() and such.

I'd rather have this be a runtime option that takes a username/group
(which seems to be a much more common pattern than compile-time).
However, given that the proxy is spawned rather than started by the
initsystem, I guess that would require a config file?

Dan


