[Rack] Baron Security

Jonathan Lassoff jof at thejof.com
Tue Jan 22 20:02:40 UTC 2013


I switched it back to running as root, for now.

--j

On Tue, Jan 22, 2013 at 12:01 PM, Michael C. Toren <mct at toren.net> wrote:

> On Tue, Jan 22, 2013 at 11:40:13AM -0800, Jonathan Lassoff wrote:
> > I think that user "baron" should have access to this by being in the
> > "dialout" group.
> >
> > `--> id baron
> > uid=31516(baron) gid=100(users) groups=100(users),20(dialout),124(barons)
> >
> > `--> ls -l /dev/ttyS5
> > crw-rw---- 1 root dialout 4, 69 Jan 22 11:37 /dev/ttyS5
>
> The baron process isn't in the dialout group, though.  upstart needs to
> call setgroups() to add it to the supplementary groups before dropping root
> privileges.  Unfortunately, it looks like upstart lacks that capability:
>
>         https://bugs.launchpad.net/upstart/+bug/812870
>
> (We could write a silly little C program to run as root that would call
> setgid(), setgroups(), and setuid() before exec()ing baron, but I suspect
> there's some standard-ish utility that does this already which we could
> utilize.)
>
> -mct
>
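
The call sequence described in the quoted message, as an added example (not code from this thread or from upstart): a small launcher that looks up the user's supplementary groups, calls setgroups(), setgid() and setuid() in that order, verifies the drop, and then exec()s the target. The name `dropexec`, the helper names and the 64-group limit are assumptions made for illustration.

```c
/* Added example; "dropexec" is a hypothetical name. Run as root:
 *   dropexec <user> <program> [args...] */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64   /* assumed upper bound for this example */

/* Collect the user's primary and supplementary gids (e.g. "dialout").
 * Returns the number of gids written to out[], or -1 if they do not fit. */
int resolve_groups(const char *user, gid_t primary, gid_t *out, int max)
{
    int n = max;
    return getgrouplist(user, primary, out, &n) == -1 ? -1 : n;
}

/* Drop root for good. setgroups() and setgid() both need root, so
 * setuid() has to come last. Returns 0 on success, -1 on any failure. */
int drop_to(uid_t uid, gid_t gid, const gid_t *groups, int ngroups)
{
    if (uid == 0) return -1;                 /* that would not be a drop */
    if (setgroups((size_t)ngroups, groups) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the ids really changed and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return setuid(0) == 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
    gid_t groups[MAX_GROUPS];
    struct passwd *pw;
    int n;
    if (argc < 3 || (pw = getpwnam(argv[1])) == NULL) {
        fprintf(stderr, "usage: %s <user> <program> [args...]\n", argv[0]);
        return 2;
    }
    n = resolve_groups(pw->pw_name, pw->pw_gid, groups, MAX_GROUPS);
    if (n < 0 || drop_to(pw->pw_uid, pw->pw_gid, groups, n) != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    execvp(argv[2], &argv[2]);               /* only returns on error */
    perror("execvp");
    return 127;
}
```

Every return value is checked because a setuid() or setgroups() call that fails silently would leave the target program running with root's identity or root's group list.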