-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I have got a pull request [1] that implements installing iotop-c with the NET_ADMIN capability by default and I am trying to evaluate if that is OK or not. Currently iotop-c will only allow to be run as root. In case it is run as some other user, it will advise to use sudo, or alternatively add the NET_ADMIN capability to the binary: sudo setcap 'cap_net_admin+eip' <path-to>/iotop Obviously that will have to be redone after each update, adding some inconvenience for admins who decide to allow that for non-root users. I have never considered installing it suid - that would be an overkill and may introduce security problems. I always use it as root and have never given that too much thought, also never before did deep analyses of the consequences of the above setcap. Here is a brief list of the consequences of allowing non-root users to run it by the setcap: - - Process IO usage will be exposed [maybe OK] - - Process list and command lines will be exposed (same as other tops) [safe] - - Re-nicing own processes to rt/* will not work [safe] - - Re-nicing non-own processes will not work [safe] - - task_delayacct sysctl toggle (Ctrl-T) will not work [safe] - - There are no other networking operations besides TASKSTATS from NETLINK_GENERIC that would allow the unprivileged user do privileged tasks via the higher capped binary [safe] As a summary it seems that accepting the PR is 99% OK, but I'd prefer to get more opinions before doing so. With best regards, b. [1] https://src.fedoraproject.org/rpms/iotop-c/pull-request/1 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmIRkDEACgkQE2VyCRPS 8i32ww//dRzxVtff8+8qQ2ujLwf49ZigGdawkgdnJRuE+0oBDV30yycENblSLNWB 8FlidJcA+ZkoWf9WyoRvXydPcnuEhsr7y9UxyS/XA6l4iHHpUn7SJ/i79KAmVb8J uuyWDBa23fZ4P22fy8/EklCzACWDeiYwS/jv+fwr8oLjEZ6nG+kjmMDIx5I2oA8J vAfhCRLSTBXTQnWRs9MMxMIjQ9dcTvzOdv8ZPq+lVJuG6xrinLrH00XWLmDC7Dgh /Ie2hvuHFCmId8BBAN5I47bh57ly4aZH0QKVpQL7x5bOYJDF1R27NHW660MxFZay 4xCZwYkLBcUtcm9R9SG8cZCd0nDptMRwmpvxu26QgFFl5hJgngdq4xmp3xsS/W2Y JmQ7eTB+ypCVzd0QiQNHIfP1I+6NQbbakA+YIfiT9Uk1Z610IsO3cGW3tr2mSiBW 5/2fb2kU/vK4f2QPFwXJU8PYdJO/c9/zTFoRHomWG/MQx0zhNM8h0sK1tdxLp4V2 wuU/8wihpJx+rAofbmf2FrLowRYshiKqKeGYEWiWHLUAqWWKlBXkBiV5PY8l/YNx Ta8Kd9aK00aezFmYa3TOHQyJYBuChdp/zqYfhRfRveXKj3TJMRW9MlgDtvuXXfUu ukpSZWgR8twIhh+1QlS5rWZILIyVcdd0lNOSUYb2/i41bSREXkA= =EJ2s -----END PGP SIGNATURE----- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
