Re: Starting transient services securely from other service without root

On Thu, 2022-04-28 at 19:53 +0300, Mantas Mikulėnas wrote:
> That didn't stop many of them (including, apparently, systemd itself)
> from doing so anyway.
> 
> [...]
>
> I found a bugzilla about
> this: https://bugs.freedesktop.org/show_bug.cgi?id=80921
> 

Interesting. The issue also seems to be quite old, meaning it's probably
not a problem in practice.


I've looked into it further and I've found another roadblock with
polkit. I don't think it is possible to write a rule which would say
something like:

if (action == start transient service &&
   invokedByUser == 'knot-resolver' &&
   the service will have at most these capabilities &&
   the service will run as user 'knot-resolver')
      return YES

The second two quarters of the condition seem impossible. It seems that
only the unit name and a verb (start/stop/...) are provided to the
polkit rule, nothing more:
https://github.com/systemd/systemd/blob/6ef00eb846a89558ad46d2937addd8ea952b7062/src/core/dbus-util.c#L136-L139

So while the rule could allow us to start a new transient service
without root privileges, it wouldn't prevent us from running arbitrary
code as root. :(

Vašek
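
The limitation described in the message above, as an added example that is not part of the original post or of systemd/polkit: a polkit rule for `org.freedesktop.systemd1.manage-units` written against only the `unit` and `verb` details, taking the message's observation that nothing else reaches the rule. The mock `polkit` object, the `authorize` harness, the `kresd-worker-N.service` naming pattern and both sample requests are constructed for illustration.

```javascript
// Stand-in for the polkit rules runtime so the rule can be exercised offline;
// under polkitd the `polkit` global is provided and this object is not needed.
const polkit = {
  Result: { YES: "yes", NOT_HANDLED: "not_handled" },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
};

// The rule: caller, verb and unit name are the only inputs it can test.
// The unit-name pattern is a hypothetical convention, not from the thread.
polkit.addRule(function (action, subject) {
  if (action.id !== "org.freedesktop.systemd1.manage-units") {
    return polkit.Result.NOT_HANDLED;
  }
  var unit = action.lookup("unit") || "";
  var verb = action.lookup("verb");
  if (subject.user === "knot-resolver" && verb === "start" &&
      /^kresd-worker-[0-9]+\.service$/.test(unit)) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});

// Constructed request model: `details` is what the rule sees, `properties`
// is what the caller asks systemd to put into the transient unit.
function authorize(request) {
  const action = {
    id: "org.freedesktop.systemd1.manage-units",
    lookup: (key) => request.details[key],
  };
  for (const rule of polkit.rules) {
    const result = rule(action, { user: request.caller });
    if (result !== polkit.Result.NOT_HANDLED) return result;
  }
  return polkit.Result.NOT_HANDLED;
}

const details = { unit: "kresd-worker-1.service", verb: "start" };
const intended = { caller: "knot-resolver", details,
  properties: { User: "knot-resolver", CapabilityBoundingSet: "CAP_NET_BIND_SERVICE" } };
const unconfined = { caller: "knot-resolver", details,
  properties: { User: "root" } }; // no capability restriction requested

// Both requests get the same answer: `properties` never reaches the rule.
console.log(authorize(intended), authorize(unconfined));
```

Because the rule's decision is a function of caller, verb and unit name alone, any constraint on `User=` or capabilities has to be enforced somewhere other than the polkit rule.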


