Project

General

Profile

Actions

Bug #388

closed

appmgr should be running applications as non-root user

Added by Hammel about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Category:
-
Target version:
Start date:
02 Oct 2014
Due date:
% Done:

100%

Estimated time:
Severity:
03 - Medium

Description

There will be applications that run as root and those that run as a privileged user. The appmgr should run the non-privileged apps similar to this stackexchange description

Actions #1

Updated by Hammel about 10 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50

This was easy to implement and the clock and videofe apps work fine. But the network config utility will need to run as root in order to update configuration files. So the appmgr will need special handling for this app. But that sort of handling should be generalized so I can run others the same way.

I need to devise a way to define a privileged set of apps.

Actions #2

Updated by Hammel about 10 years ago

A very simplistic method that is probably not secure:
  1. appmgr is packaged with a list of app names that are privileged
    1. List is 400 and stored in /etc/appmgr.priv
  2. loadConfig() reads priv list and stores in a link list
  3. in startNew(), in child
    1. dup argv(0)
    2. split into tokens using path character ("/")
    3. Find last token
    4. Test if token is in privileged list
      1. Yes: don't switch to user=nobody.nobody
      2. No: switch to user=nobody.nobody
    5. free dup

Initial list includes only bui-network-config

Actions #3

Updated by Hammel about 10 years ago

  • Project changed from PiBox to appmgr
  • Category deleted (04 - Applications)
Actions #4

Updated by Hammel about 10 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 50 to 100

Simplified the design to just have the full path in the priv configuration file. That way there is no need to dup and tokenize the command. The command provided to appmgr must match exactly to the privileged configuration in order to run as a privileged user.

This was tested on the target and works. The code is committed and pushed upstream.

Closing issue.

Actions

Also available in: Atom PDF