On 12.2.2021 4.31, Davis Roman wrote:
Hello,
I've been tasked to take a large application mostly written in C, which
had previously always run as root, and now run it under a dynamic user.
My goal is to follow the "principle of least privilege" and figure out
all the necessary individual privileges I need to provide so that it
continues to work normally as before.
I'm sure I can use a trial and error approach that would involve running
the unprivileged application, inspecting error, granting needed
privilege, rinse, wash and repeat until all errors are resolved
but I'm wondering if there is a more systematic approach that involves
inspecting the code base and figuring out all the privileges needed
to get the application to work properly?
Code base inspection may not present the complete picture easily since
libraries may also invoke privileges and they may also call further
libraries, plugins etc. Test-based approach is not great either, since
if the test run misses a use case, the privileges for that may be left out.
Once upon a time, I tried to automate generating systemd configuration
from test runs with some help from the kernel using SystemTap. It may need
some updating:
https://github.com/topimiettinen/systemd-settings-generator.git
But a problem with the kernel's debugging interfaces is that they don't seem
to remain very stable and for some interfaces, performance may not be
good enough. Maybe a more stable and performant model would be to
intercept the LSM interface directly. This "systemd-lsm" could store the
state inside the kernel (no need for I/O) and it could produce systemd
configuration after the service finished with netlink (for speed) or
/proc interface (for text).
-Topi
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
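To make the test-run approach discussed in the thread concrete, here is an added example of the kind of generator Topi describes; it is not code from this thread nor from the systemd-settings-generator repository, and it uses plain strace rather than SystemTap or an LSM hook. The hypothetical `derive()` helper assumes `strace -f -o trace.log <cmd>` output (one `<pid> <syscall>(<args>) = <ret>` call per line) captured while the service still runs as root, and turns it into a DynamicUser-friendly `[Service]` drop-in: directories under /var/lib, /var/log, /run and /var/cache that the process writes to become `StateDirectory=`, `LogsDirectory=`, `RuntimeDirectory=` and `CacheDirectory=` (the directives systemd uses to hand ownership to the dynamic UID), other written directories become `ReadWritePaths=`, privileged operations such as `chown()` or `bind()` on a port below 1024 become capability entries, and every syscall seen becomes part of a `SystemCallFilter=` allowlist. The syscall-to-capability table and the path heuristics are deliberately over-approximating assumptions of mine, and the sample trace is constructed.

```python
"""Derive a least-privilege systemd [Service] drop-in from an strace log.

Hypothetical helper (not the systemd-settings-generator from the thread).
Assumed input: `strace -f -o trace.log <cmd>` lines of the form
    <pid> <syscall>(<args>) = <retval>
All mappings below are heuristics and over-approximate; review every line.
"""
import re
from posixpath import dirname

# Constructed sample trace of a daemon that has always run as root.
SAMPLE_TRACE = """\
412 execve("/usr/sbin/myapp", ["myapp", "--foreground"], 0x55d1c0a0 /* 12 vars */) = 0
412 openat(AT_FDCWD, "/etc/myapp/myapp.conf", O_RDONLY|O_CLOEXEC) = 3
412 openat(AT_FDCWD, "/var/lib/myapp/state.db", O_RDWR|O_CREAT|O_CLOEXEC, 0600) = 4
412 chown("/var/lib/myapp/state.db", 0, 0) = 0
412 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 5
412 bind(5, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
412 listen(5, 128) = 0
412 openat(AT_FDCWD, "/var/log/myapp/access.log", O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC, 0644) = 6
412 openat(AT_FDCWD, "/run/myapp/myapp.pid", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 7
412 mkdir("/srv/myapp/uploads", 0755) = -1 EEXIST (File exists)
412 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f3a1c6c9a10) = 413
413 prctl(PR_SET_NAME, "myapp-worker") = 0
413 openat(AT_FDCWD, "/srv/myapp/uploads/f1.bin", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
412 exit_group(0) = ?
"""

SYSCALL_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s*=\s*(\S.*)$")
PATH_FLAGS_RE = re.compile(r'"([^"]*)",\s*([A-Z_|]+)')   # "<path>", O_FLAGS
PORT_RE = re.compile(r"sin6?_port=htons\((\d+)\)")

WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}
# Syscalls whose first string argument is a path that gets modified.
MUTATING_PATH_SYSCALLS = {"mkdir", "mkdirat", "unlink", "unlinkat", "rename", "renameat",
                          "chown", "lchown", "fchownat", "truncate", "symlink", "link"}
# Assumed table: each syscall needs the capability in at least some cases.
CAP_BY_SYSCALL = {
    "chown": "CAP_CHOWN", "lchown": "CAP_CHOWN", "fchown": "CAP_CHOWN", "fchownat": "CAP_CHOWN",
    "setuid": "CAP_SETUID", "setreuid": "CAP_SETUID", "setresuid": "CAP_SETUID",
    "setgid": "CAP_SETGID", "setregid": "CAP_SETGID", "setresgid": "CAP_SETGID", "setgroups": "CAP_SETGID",
    "mknod": "CAP_MKNOD", "mknodat": "CAP_MKNOD", "chroot": "CAP_SYS_CHROOT",
    "settimeofday": "CAP_SYS_TIME", "clock_settime": "CAP_SYS_TIME", "adjtimex": "CAP_SYS_TIME",
    "mount": "CAP_SYS_ADMIN", "umount2": "CAP_SYS_ADMIN", "reboot": "CAP_SYS_BOOT",
}
# Directories systemd can own on behalf of a DynamicUser service.
MANAGED_DIRS = [("/var/lib/", "StateDirectory"), ("/var/cache/", "CacheDirectory"),
                ("/var/log/", "LogsDirectory"), ("/run/", "RuntimeDirectory")]


def parse_trace(text):
    """Yield (pid, syscall, args, ret) for complete call lines; strace's
    '<unfinished ...>' and '<... resumed>' fragments do not match and are skipped."""
    for line in text.splitlines():
        m = SYSCALL_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)


def derive(text):
    """Return {'syscalls', 'caps', 'managed', 'rw_paths'} derived from a trace."""
    syscalls, caps, write_paths = set(), set(), set()
    for _pid, name, args, _ret in parse_trace(text):
        syscalls.add(name)
        if name in CAP_BY_SYSCALL:
            caps.add(CAP_BY_SYSCALL[name])
        if name in ("open", "openat"):
            m = PATH_FLAGS_RE.search(args)
            if m and WRITE_FLAGS & set(m.group(2).split("|")):
                write_paths.add(m.group(1))
        elif name in MUTATING_PATH_SYSCALLS:
            m = re.search(r'"([^"]*)"', args)
            if m:
                write_paths.add(m.group(1))   # even a failed mkdir shows intent to write
        elif name == "bind":
            m = PORT_RE.search(args)
            if m and 0 < int(m.group(1)) < 1024:
                caps.add("CAP_NET_BIND_SERVICE")
        elif name == "socket" and ("SOCK_RAW" in args or "AF_PACKET" in args):
            caps.add("CAP_NET_RAW")
    # Work at directory granularity: the parent of every written path.
    managed, rw = {}, set()
    for path in write_paths:
        d = dirname(path)
        for prefix, directive in MANAGED_DIRS:
            if d.startswith(prefix):
                managed.setdefault(directive, set()).add(d[len(prefix):].split("/")[0])
                break
        else:
            rw.add(d)
    # Drop directories already covered by a listed ancestor.
    rw = {d for d in rw if not any(o != d and d.startswith(o.rstrip("/") + "/") for o in rw)}
    return {"syscalls": sorted(syscalls), "caps": sorted(caps),
            "managed": {k: sorted(v) for k, v in sorted(managed.items())},
            "rw_paths": sorted(rw)}


def render_dropin(profile):
    """Render the profile as a systemd drop-in; an empty CapabilityBoundingSet= drops all caps."""
    lines = ["[Service]", "DynamicUser=yes"]
    for directive, names in profile["managed"].items():
        lines.append(f"{directive}={' '.join(names)}")
    if profile["rw_paths"]:
        lines.append("ReadWritePaths=" + " ".join(profile["rw_paths"]))
    if profile["caps"]:
        lines.append("CapabilityBoundingSet=" + " ".join(profile["caps"]))
        lines.append("AmbientCapabilities=" + " ".join(profile["caps"]))
    else:
        lines.append("CapabilityBoundingSet=")
    lines.append("SystemCallFilter=" + " ".join(profile["syscalls"]))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import sys
    trace = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    print(render_dropin(derive(trace)), end="")
```

On the sample trace this emits `StateDirectory=myapp`, `LogsDirectory=myapp`, `RuntimeDirectory=myapp`, `ReadWritePaths=/srv/myapp` and `CapabilityBoundingSet=CAP_CHOWN CAP_NET_BIND_SERVICE`. The output is a starting point to be read, not applied blindly: the `chown(..., 0, 0)` that produced `CAP_CHOWN` is a root-era habit that should be removed from the application rather than granted, the explicit syscall list is usually better replaced by `SystemCallFilter=@system-service` once it is confirmed to be a superset, and, as Topi notes, any code path the test run did not exercise is simply absent from the profile.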