On Thu, Mar 29, 2012 at 06:45:18PM +0200, Petr Uzel wrote:
> The drop_privs variable in main() was used to determine whether the
> daemon will attempt to drop privileges (provided it has been installed
> suid). As of now, it makes sense to drop the privileges each time it is
> started. Therefore, this patch inverts the default value of drop_privs
> to true, so that it does not need to be set in the getopt loop at
> multiple places.
>
> Signed-off-by: Petr Uzel <petr.uzel@xxxxxxx>

This breaks the configuration where libuuid starts uuidd if it's not available, since there the user process probably doesn't have access to write to /var/lib/libuuid/clock.txt, and so dropping the setgid privileges of uuid will cause it not to work.

Also, if you're going to have a -K option to keep the privileges, there isn't much of a security benefit, since if there's a bug in uuidd, the attacker can always call uuidd with -K and then attempt to exploit any problem that might be there.

So it's not clear adding the ability to drop privileges is really all that functional; if uuidd is setuid/setgid, it's probably because it **needs** those privileges.

- Ted
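
Added illustration, not part of the original message and not uuidd's code: a permanent drop of setuid/setgid privileges in C on Linux, using setresgid()/setresuid() and checking that the old IDs cannot be regained. The function name is hypothetical; after it returns, the process has only the invoking user's file access, which is the situation described above for /var/lib/libuuid/clock.txt.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from uuidd): permanently give up setuid/setgid
 * privileges by setting the real, effective and saved IDs to the real IDs.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privs_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();
    uid_t r, e, s;
    gid_t gr, ge, gs;

    /* Group first: once the effective uid is unprivileged, changing
     * group IDs may no longer be permitted. */
    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    if (setresuid(ruid, ruid, ruid) != 0)
        return -1;

    /* Confirm that real, effective and saved IDs all changed. */
    if (getresuid(&r, &e, &s) != 0 || r != ruid || e != ruid || s != ruid)
        return -1;
    if (getresgid(&gr, &ge, &gs) != 0 || gr != rgid || ge != rgid || gs != rgid)
        return -1;

    /* If the process was privileged, regaining the old IDs must now fail.
     * (A caller whose real uid is root can always regain them, so this
     * check reports failure in that case.) */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_privs_permanently() != 0) {
        perror("drop_privs_permanently");
        return 1;
    }
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    return 0;
}
```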