[linux-audio-dev] Root powers (was: Lowish-latency test results with kernel 2.4.0-test4)


Subject: [linux-audio-dev] Root powers (was: Lowish-latency test results with kernel 2.4.0-test4)
From: Tommi Ilmonen (tilmonen_AT_cc.hut.fi)
Date: Fri Aug 04 2000 - 16:41:42 EEST


On Fri, 4 Aug 2000, Juhana Sadeharju wrote:

> > From: Tommi Ilmonen <tilmonen_AT_cc.hut.fi>
> >
> >1) Lock memory
>
> 0) How to run a program with temporary root privileges from a user's account?
>
> As soon as the audio engine is running as a forked process, I would like to
> drop root privileges. Alternatively I could run a completely separate
> audio engine from the root account. In that case all connections would happen
> through a socket.

I don't like the situation either. Anyways, this is benchmarking.

--

Capabilities would be the way to go. In general I want the RT app to be as close to a normal user-space app as possible. Running things as root is of course horrible; capabilities would be better. In particular, the combination of a plugin-based system, where the user can upload a new binary into the code, with root privileges throws away any security the system might have had.

There are a few problems with the capability approach:

1) It is rather difficult to find documentation about how to use them.

2) Looking at "capability.h" one realizes that the capabilities are not sufficiently fine-grained for many cases.

What I'd like to do (=what I am prepared to do at some stage):

0.1) Start the app with root privileges (either with suid or sudo)

0.2) Lock memory

0.3) Get the necessary capabilities to get RT priority and high RTC frequencies later on.

0.4) Drop super user privileges

This would be simplified if I could simply attach the necessary capabilities to the binary.

After this the user can still do great damage to the system, but at least some of root's powers are gone (total access to arbitrary files etc).

PS: I thought I could use external mini-apps to grant certain privileges as needed, but this is not really a viable approach with Linux.

Tommi.
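
The four steps listed above (start setuid-root, lock memory, keep only the capabilities needed for RT priority and RTC frequency, drop root), as an added C example that is not part of the original post. It assumes the Linux capset(2) v3 interface from linux/capability.h, and the kept set (CAP_SYS_NICE for SCHED_FIFO, CAP_IPC_LOCK for locking beyond RLIMIT_MEMLOCK, CAP_SYS_RESOURCE for RTC frequencies above the unprivileged limit) is my choice, not the author's.

```c
/* Added example: setuid-root start, mlockall, keep a few capabilities,
 * drop root. Linux only; uses the raw capset(2) syscall, so no libcap. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Build the v3 capability words (two 32-bit halves) from a list of
 * capability numbers. Kept caps go into permitted and effective only;
 * inheritable stays empty so exec'd children do not receive them. */
void build_cap_data(const int *caps, size_t n,
                    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3])
{
    for (size_t w = 0; w < _LINUX_CAPABILITY_U32S_3; w++)
        data[w].effective = data[w].permitted = data[w].inheritable = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t bit = 1u << (caps[i] % 32);
        data[caps[i] / 32].permitted |= bit;
        data[caps[i] / 32].effective |= bit;
    }
}

/* Steps 0.2-0.4: lock memory while still root, then switch to the real
 * uid/gid keeping only `caps`. Returns 0 on success, -1 on the first
 * failing step (errno is left set by that call). */
int lock_and_drop_root(const int *caps, size_t n)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    if (mlockall(MCL_CURRENT | MCL_FUTURE) != 0) return -1;        /* 0.2 */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1; /* caps survive setuid */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1; /* 0.4 */
    build_cap_data(caps, n, data);                                  /* 0.3 */
    if (syscall(SYS_capset, &hdr, data) != 0) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

int main(void)
{
    /* Assumed kept set: RT scheduling, memory locking, RTC frequency. */
    static const int keep[] = { CAP_SYS_NICE, CAP_IPC_LOCK, CAP_SYS_RESOURCE };
    return lock_and_drop_root(keep, 3) == 0 ? 0 : 1;
}
```

Run it setuid-root or under sudo; later calls such as sched_setscheduler() then work with the reduced set. Kernels since 2.6.24 also support attaching capabilities to the binary itself (file capabilities, setcap(8)), which is the simplification wished for above.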



This archive was generated by hypermail 2b28 : Fri Aug 04 2000 - 17:37:16 EEST