Opened 11 years ago

Last modified 6 years ago

#415 assigned Bug/Something is broken

limit scope of privilege within red

Reported by: https://id.mayfirst.org/dkg Owned by: https://id.mayfirst.org/jamie
Priority: Low Component: Tech
Keywords: red Cc:
Sensitive: no

Description

in #407, jamie wrote:

The red server, though, runs as root (that's how it creates new users, etc) so it will always be able to read keys.

It might be worthwhile at some point to separate out the privileges needed by the red server, and make them specific subcommands that only the red user can run. Those subcommands can then be made to run as the superuser, but the generalized network process itself could be given lower privileges.

djb's paper "Some thoughts on security after 10 years of qmail" is worth reading to start thinking in more detail about this type of privilege isolation.
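To make the separation concrete, here is an added example (not code from red or from May First, and not a design anyone on this ticket has committed to) of the shape jamie describes: the network process runs as the unprivileged `red` user, and the only thing sudoers lets it run as root is one helper script exposing a fixed set of subcommands. The helper name `red-privileged`, the subcommands `create-user`, `delete-user` and `set-quota`, the `/home` filesystem and the use of `useradd`, `userdel` and `setquota` are all assumptions for illustration; `RED_DRY_RUN=1` makes the helper print the root command instead of executing it so it can be exercised without root.

```shell
#!/bin/sh
# red-privileged: hypothetical root helper for the red control panel
# (illustrative example, not red's own code).
#
# The unprivileged network process runs as user "red". The only sudo
# rule it gets is this single script, so a compromise of the network
# process yields the ability to request these subcommands, not a root
# shell. Assumed sudoers line:
#
#   red ALL=(root) NOPASSWD: /usr/local/sbin/red-privileged
#
# Every argument is validated before it reaches a privileged command.

# Closed allow-list of subcommands; anything else is refused.
ALLOWED_SUBCOMMANDS="create-user delete-user set-quota"

# Username policy (assumed): starts with a lowercase letter, then only
# [a-z0-9_-], at most 32 characters. Returns 0 if valid, 1 otherwise.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    case "$1" in
        [a-z]*) ;;
        *) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Quota in megabytes: digits only, 1..1000000. Returns 0 if valid.
valid_quota_mb() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 1000000 ]
}

# Returns 0 if the subcommand is on the allow-list.
valid_subcommand() {
    for s in $ALLOWED_SUBCOMMANDS; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# Runs the root command, or prints it when RED_DRY_RUN=1 (for testing).
run_privileged() {
    if [ "${RED_DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# dispatch SUBCOMMAND ARGS...: validate, then perform exactly one action.
# Returns non-zero and does nothing on any unexpected input.
dispatch() {
    sub="$1"; shift
    valid_subcommand "$sub" || {
        echo "red-privileged: unknown subcommand '$sub'" >&2; return 2
    }
    case "$sub" in
        create-user)
            [ $# -eq 1 ] && valid_username "$1" || {
                echo "red-privileged: invalid username" >&2; return 3
            }
            run_privileged useradd --create-home --shell /bin/bash "$1"
            ;;
        delete-user)
            [ $# -eq 1 ] && valid_username "$1" || {
                echo "red-privileged: invalid username" >&2; return 3
            }
            run_privileged userdel --remove "$1"
            ;;
        set-quota)
            [ $# -eq 2 ] && valid_username "$1" && valid_quota_mb "$2" || {
                echo "red-privileged: invalid username or quota" >&2; return 3
            }
            # soft/hard block limits in 1 KiB units on the assumed /home filesystem
            run_privileged setquota -u "$1" 0 "$(( $2 * 1024 ))" 0 0 /home
            ;;
    esac
}

# Entry point when invoked as a command (e.g. via sudo from the red user).
if [ $# -gt 0 ]; then
    dispatch "$@"
fi
```

The design point is that the trust boundary is the argument validation in this script, not sudo: sudo only guarantees that `red` can run this file and nothing else as root, so each subcommand must check its inputs as untrusted (no shell metacharacters, no path components, bounded length) before handing them to `useradd` or `setquota`. Keys the network process needs to read can then be owned by `root` with no group or world access, since nothing in the network process runs as root any more.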

Change History (2)

comment:1 Changed 6 years ago by https://id.mayfirst.org/ross

  • Status changed from new to assigned

comment:2 Changed 6 years ago by https://id.mayfirst.org/jamie

  • Priority changed from Medium to Low
