Bug #388

appmgr should be running applications as non-root user

Added by Hammel about 3 years ago. Updated almost 3 years ago.

Status:ClosedStart date:02 Oct 2014
Priority:ImmediateDue date:
Assignee:Hammel% Done:

100%

Category:-
Target version:PiBox - 0.10.0
Severity:03 - Medium

Description

There will be applications that run as root and those that run as a privileged user. The appmgr should run the non-privileged apps similar to this stackexchange description

Associated revisions

Revision 942211a4
Added by Hammel almost 3 years ago

RM #388, RM #410: Fixed config file format to use name:value pairs. Added support for privileged apps.

History

#1 Updated by Hammel almost 3 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50

This was easy to implement and the clock and videofe apps work fine. But the network config utility will need to run as root in order to update configuration files. So the appmgr will need special handling for this app. But that sort of handling should be generalized so I can run others the same way.

I need to devise a way to define a privileged set of apps.

#2 Updated by Hammel almost 3 years ago

A very simplistic method that is probably not secure:
  1. appmgr is packaged with a list of app names that are privileged
    1. List is 400 and stored in /etc/appmgr.priv
  2. loadConfig() reads priv list and stores in a link list
  3. in startNew(), in child
    1. dup argv(0)
    2. split into tokens using path character ("/")
    3. Find last token
    4. Test if token is in privileged list
      1. Yes: don't switch to user=nobody.nobody
      2. No: switch to user=nobody.nobody
    5. free dup

Initial list includes only bui-network-config

#3 Updated by Hammel almost 3 years ago

  • Project changed from PiBox to appmgr
  • Category deleted (04 - Applications)

#4 Updated by Hammel almost 3 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 50 to 100

Simplified the design to just have the full path in the priv configuration file. That way there is no need to dup and tokenize the command. The command provided to appmgr must match exactly to the privileged configuration in order to run as a privileged user.

This was tested on the target and works. The code is committed and pushed upstream.

Closing issue.

Also available in: Atom PDF