Hi Boian,

On February 20, 2022 12:49:53 AM UTC, Boian Bonev <bbonev@xxxxxxxxxx> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>Hello,
>
>I have got a pull request [1] that implements installing iotop-c with the
>NET_ADMIN capability by default and I am trying to evaluate if that is OK or
>not.
>
>Currently iotop-c will only allow to be run as root. In case it is run as some
>other user, it will advise to use sudo, or alternatively add the NET_ADMIN
>capability to the binary:
>
>sudo setcap 'cap_net_admin+eip' <path-to>/iotop
>
>Obviously that will have to be redone after each update, adding some
>inconvenience for admins who decide to allow that for non-root users.

This is not really an answer to the security question, but if that remains unresolved, you could also introduce a sub package to iotop-c, that would contain a transaction file trigger on the binary and add the capability.
Thus the user would be able to opt into having iotop-c with the added capability even after upgrades, as long as the sub package is installed.

> I have
>never considered installing it suid - that would be an overkill and may
>introduce security problems. I always use it as root and have never given that
>too much thought, also never before did deep analyses of the consequences of
>the above setcap.
>
>Here is a brief list of the consequences of allowing non-root users to run it
>by the setcap:
>
>- - Process IO usage will be exposed [maybe OK]
>- - Process list and command lines will be exposed (same as other tops) [safe]
>- - Re-nicing own processes to rt/* will not work [safe]
>- - Re-nicing non-own processes will not work [safe]
>- - task_delayacct sysctl toggle (Ctrl-T) will not work [safe]
>- - There are no other networking operations besides TASKSTATS from
>NETLINK_GENERIC that would allow the unprivileged user do privileged tasks via
>the higher capped binary [safe]
>
>As a summary it seems that accepting the PR is 99% OK, but I'd prefer to get
>more opinions before doing so.
>
>With best regards,
>b.
>
>[1] https://src.fedoraproject.org/rpms/iotop-c/pull-request/1
>_______________________________________________
>devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
>To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
>Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
>Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
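
The opt-in sub-package with a transaction file trigger suggested in the reply could look like the following spec fragment. This is an added example, not taken from the iotop-c package or from either poster; the sub-package name `caps` and the binary path `%{_sbindir}/iotop` are assumptions.

```spec
# Hypothetical opt-in sub-package (name "caps" is an assumption).
# The main package keeps shipping the binary without file capabilities.
%package caps
Summary:        Allow non-root users to run iotop via CAP_NET_ADMIN
Requires:       %{name}%{?_isa} = %{version}-%{release}
# Provides /usr/sbin/setcap, which the scriptlets below call
Requires:       libcap

%description caps
Installing this sub-package sets the cap_net_admin file capability on
the iotop binary and sets it again after every update of that binary.

# Transaction file trigger: runs once at the end of any transaction that
# installed or updated a file under the given path prefix, and also when
# this sub-package itself is installed while the binary already exists.
%transfiletriggerin -n %{name}-caps -- %{_sbindir}/iotop
# Touch only the exact binary (assumed path); the prefix may match others.
if [ -x %{_sbindir}/iotop ]; then
    /usr/sbin/setcap cap_net_admin+eip %{_sbindir}/iotop || :
fi

# On final removal of the sub-package ($1 is 0), drop the capability so
# the opt-in does not outlive the package that granted it.
%preun -n %{name}-caps
if [ "$1" -eq 0 ] && [ -x %{_sbindir}/iotop ]; then
    /usr/sbin/setcap -r %{_sbindir}/iotop || :
fi

# Empty file list: the sub-package carries only scriptlets.
%files caps
```

After an update, `getcap` on the binary shows whether the capability was set again, and `rpm -q --filetriggers` on the sub-package lists the trigger.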