On Mon, Jun 29, 2009 at 09:33:44PM -0400, Theodore Ts'o wrote:
>
> There was a very good reason why uuid state files were in
> /var/lib/libuuid instead of /var/run/uuidd. Some distributions wipe all
> of /var/run on reboot. The problem is for security reasons uuidd has to
> run as the libuuid user --- and the problem is directory needs to be set

I think the scenario when the library is starting the daemon is very
odd and should be reviewed ;-)

Is there any Linux distribution with the setuid uuidd? Suse and
Fedora/RHEL use init scripts, and fork()+exec() in the library is a
waste of time.

Try "strace -f uuidgen -t" .. so many syscalls and the final result is
EACCES.

It would be nice to check access to /var/run/uuidd (or
/var/lib/libuuid) before the exec() on all systems without setuid
uuidd.

What about

 1/ remove fork()+exec() from the library at all

or

 2/ add --enable-setuid-uuidd and #ifdef around exec(UUIDD_PATH)

    Karel

--
 Karel Zak <kzak@xxxxxxxxxx>
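
The access check suggested in the message above could look like the following C helper. This is an added example, not code from libuuid or from this thread; the function name `uuidd_spawn_can_work` and the `/usr/sbin/uuidd` path used in `main` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: decide whether fork()+exec() of uuidd can do any
 * good. Returns 1 if spawning is worth trying, 0 if the daemon could not
 * be started or would only fail with EACCES on its state directory.
 * The result is an optimisation hint, not a security decision: the daemon
 * must still handle open()/bind() failures itself, because permissions
 * can change between this check and the exec(). */
int uuidd_spawn_can_work(const char *state_dir, const char *uuidd_path)
{
    struct stat st;

    /* The caller must be able to execute the daemon at all.
     * AT_EACCESS checks with the effective IDs, which are the IDs a
     * child process would inherit across exec(). */
    if (faccessat(AT_FDCWD, uuidd_path, X_OK, AT_EACCESS) != 0)
        return 0;
    if (stat(uuidd_path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;

    /* setuid/setgid uuidd: the daemon runs under its own identity, so
     * the caller's permissions on state_dir say nothing about success. */
    if (st.st_mode & (S_ISUID | S_ISGID))
        return 1;

    /* Plain uuidd: it runs as the caller and has to create its socket
     * and state files, so it needs write and search access to state_dir. */
    return faccessat(AT_FDCWD, state_dir, W_OK | X_OK, AT_EACCESS) == 0;
}

int main(void)
{
    /* State directory from the thread; daemon path is an assumed value. */
    const char *dir = "/var/run/uuidd";
    const char *daemon = "/usr/sbin/uuidd";

    if (uuidd_spawn_can_work(dir, daemon))
        printf("spawn %s: worth trying\n", daemon);
    else
        printf("spawn %s: skipped, fall back to in-process generation\n",
               daemon);
    return 0;
}
```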