On Mon, Jan 15, 2018 at 3:37 PM, Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > On Mon, 2018-01-15 at 10:53 -0500, Steve Dickson wrote: > >> Googling 'linux nobody uid' it appears nobody is a uid used by apps >> that don't want to run as root. In case they got hacked the would >> not have root privileges, but with SElinux around I think that >> problem has been solve. > > This seems a bit hand-wavy to me. We believe in many layers of security > and good practices at every level, yes? Just running things as root and > trusting SELinux to restrict their privileges seems like a very airy- > fairy way of operating, if that's what you're suggesting. This is especially true because in development environments, it is a very common practice to disable SELinux or set it to "permissive" and only activate and tune it after development is complete. I've particularly seen this in MacBook using Java developers: their OS does not support SELinux, and they only bother with SELinux, if they bother, with the simplest possible rules to get their project working. SELinux can be useful, but can fail outright, even in security sensitive environments, for just these reasons. > I'm fairly sure *lots* of daemons in Fedora still drop root privileges > early in operation, and this is still widely considered to be good > practice. Quite a few have their own unprivileged account to use for > this purpose (which is also used to own files they need access to, > etc.), but some may still run as 'nobody'. If this could be affected by > the Change, it should probably be looked into... This seems to be good reasoning. The idea that "nobody" might be used by multiple daemons is.... well, it's troubling. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
