gnunet-developers

Re: [GNUnet-developers] GNS changes


From: Christian Grothoff
Subject: Re: [GNUnet-developers] GNS changes
Date: Thu, 23 Feb 2017 12:26:07 +0100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Icedove/45.6.0

On 02/23/2017 11:29 AM, ng0 wrote:
>>
>> 1) GNS service must run as user 'gnunet', as it needs to access the
>> 'dns' service, which is UID-restricted in the strict security model; at
>> the same time, GNS service with shortening OR reverse lookup needs to
>> run as $USER as it needs access to namestore (which is per-user). Eh,
>> great, how am I supposed to set up my permissions again?  So by NOT
>> having those two functions in GNS, I fix this BIG problem.  (Note that
>> moving the 'publish GNS zone to DHT' into 'zonemaster' earlier, I
>> removed the remaining namestore dependency of GNS.)
> Does this mean that the previous requirement of a unix group "gnunetdns"
> is gone as well?
>  

Nope, that's still there. That is why gnunet-service-gns must run as
*user* "gnunet", so it can access the user-gnunet-restricted but SGID
gnunet-service-dns, which is SGID to "gnunetdns" so that it can start
the group-gnunetgns-exec-restricted gnunet-helper-dns (which itself is
SUID).

So access-wise:

$USER in group 'gnunet' can access GNS (GID-limited UNIX domain socket)
GNS as user 'gnunet' can access DNS (UID-limited UNIX domain socket)
DNS as group 'gnunetdns' can access DNS-HELPER (chmod-limited binary)
DNS-HELPER as user 'root' can intercept and modify DNS traffic

The latter is something we need to keep out of $USER's hands, DNS
exposes the functionality, but GNS restricts it to ".gnu" and ".zkey"
TLDs, making it "sane" to have.


Attachment: signature.asc
Description: OpenPGP digital signature
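
The access chain listed in the message above can be checked link by link. The following is an added example, not part of the original message and not GNUnet code: it assumes each restriction is visible as file ownership and mode bits, and the names `Perm`, `stat_perm` and `audit_chain` as well as the sample modes are hypothetical.

```python
import grp
import os
import pwd
import stat
from typing import NamedTuple

class Perm(NamedTuple):
    owner: str
    group: str
    mode: int  # permission bits including SUID/SGID, as from stat.S_IMODE()

def stat_perm(path):
    """Read owner, group and mode of a real file or socket."""
    st = os.stat(path)
    return Perm(pwd.getpwuid(st.st_uid).pw_name,
                grp.getgrgid(st.st_gid).gr_name,
                stat.S_IMODE(st.st_mode))

def audit_chain(gns_sock, dns_sock, dns_service, dns_helper):
    """Return the links of the access chain that are wider than described."""
    problems = []
    # $USER in group 'gnunet' -> GNS: GID-limited UNIX domain socket
    if gns_sock.group != "gnunet" or gns_sock.mode & stat.S_IRWXO:
        problems.append("gns-socket: not limited to group gnunet")
    # GNS as user 'gnunet' -> DNS: UID-limited UNIX domain socket
    if dns_sock.owner != "gnunet" or dns_sock.mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("dns-socket: not limited to user gnunet")
    # DNS service: owned by user gnunet, SGID to gnunetdns
    if (dns_service.owner != "gnunet" or dns_service.group != "gnunetdns"
            or not dns_service.mode & stat.S_ISGID
            or dns_service.mode & stat.S_IRWXO):
        problems.append("dns-service: not gnunet-owned SGID gnunetdns")
    # DNS helper: SUID root, executable by group gnunetdns only
    if (dns_helper.owner != "root" or dns_helper.group != "gnunetdns"
            or not dns_helper.mode & stat.S_ISUID
            or not dns_helper.mode & stat.S_IXGRP
            or dns_helper.mode & stat.S_IRWXO):
        problems.append("dns-helper: not SUID root limited to group gnunetdns")
    return problems

# Constructed sample values (assumed modes, not taken from a real installation).
GOOD = dict(gns_sock=Perm("gnunet", "gnunet", 0o660),
            dns_sock=Perm("gnunet", "gnunet", 0o600),
            dns_service=Perm("gnunet", "gnunetdns", 0o2750),
            dns_helper=Perm("root", "gnunetdns", 0o4750))
```

On a live system, build each `Perm` with `stat_perm()` from the socket and binary paths of that installation.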

