Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] OT Re: Solved: Re: centos 7 problem
- Date: Mon, 06 Apr 2015 14:54:30 -0400
- From: Richard Pieri <ratinox@xxxxxxx>
- Subject: Re: [HTCondor-users] OT Re: Solved: Re: centos 7 problem
On 4/6/15 2:30 PM, Dimitri Maziuk wrote:
> So either every program that does a double-fork must start as root,
> open all the files it needs, then immediately drop privileges, or
> it must create its transient files in TMPDIR instead of /var/run. I
> see an easy way to fix bad code.
It's not about writing files. It's about running as UID 0. Running
full-time as root means that when the daemon is compromised it's a
root compromise. Dropping privileges to a "pet" UID makes it harder,
at least in principle, to achieve a root compromise through that
daemon. But you already knew that.
--
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science