tincctl patches
Scott Lamb
slamb at slamb.org
Sat Nov 10 03:22:29 CET 2007
Guus Sliepen wrote:
> AIX? I didn't know tinc ran on that :)

I didn't either, but I'd like to head off any surprises if tinc is
ported to similar platforms in the future.

> Anyway, just go with the secured
> directory approach. The handshake is an option. Binding to < 1024 ports
> is not, because then you lose the ability to run tinc as a normal user.

Ahh, I hadn't realized that it could - I suppose by chmod/chowning
/dev/net/tun and running on a different port. Not a bad idea, really.

My change broke this - it requires the control socket to be accessible
only by root. Both tincd and tincctl will refuse to run now if tincd is
not root.

tincd could be easily changed to allow st_uid == getuid() as well as 0.
tincctl's behavior is a matter of security policy, and I don't know what
you want:

* require tincctl's getuid() to match tincd's getuid(). (not great
  really...)
* remove the stat() checks entirely and place the burden on the
  sysadmin. (fine with me)
* add a new commandline/configuration option
* let tincd start as root (keeping tincctl unmodified) and drop
  privileges to a user/group specified in the configuration file

Personally, I leave my socket in /var/run/tinc.slamb.org.control/socket,
and if there's someone messing with the permissions there, I have bigger
problems.
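
Added example, not part of the original message and not code from tinc or from the patch discussed: a sketch of the relaxed check mentioned above, where the directory holding the control socket is accepted if it is owned by root or by the calling user. The function names are hypothetical, and checking the directory (rather than the socket itself) and rejecting group/other write bits are assumptions of this sketch.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for lstat() and the S_IF* constants */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy applied to an already fetched stat result (hypothetical helper).
 * Accept only a real directory, owned by root or by `uid`, that neither
 * group nor other can write to (so nobody else can replace the socket). */
int ctl_dir_stat_ok(const struct stat *st, uid_t uid)
{
    if (!S_ISDIR(st->st_mode))
        return 0;                       /* file, socket, symlink, ... */
    if (st->st_uid != 0 && st->st_uid != uid)
        return 0;                       /* owned by some third party */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;                       /* others could swap the socket */
    return 1;
}

/* Check a path. lstat() is used so that a symlink placed at the path is
 * rejected instead of being followed to a directory somewhere else. */
int ctl_dir_ok(const char *dir)
{
    struct stat st;

    if (lstat(dir, &st) != 0)
        return 0;                       /* missing or unreadable: refuse */
    return ctl_dir_stat_ok(&st, getuid());
}

int main(int argc, char **argv)
{
    /* Default is the directory named in the message above. */
    const char *dir = argc > 1 ? argv[1] : "/var/run/tinc.slamb.org.control";
    int ok = ctl_dir_ok(dir);

    printf("%s: %s\n", dir, ok ? "trusted" : "refusing to use");
    return ok ? 0 : 1;
}
```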