Date: Sun, 27 Oct 2019 23:27:30 +0000
From: "Laurent Bercot" <ska-dietlibc@...rnet.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] remaining steps for time64 switchover


  Hi Matias,

  There is a run-time requirement for s6, but it's not an absolute one:
the utmps-utmpd and utmps-wtmpd programs simply rely on an interface
provided by s6-ipcserver(d). If you can provide the same interface,
you can do without s6.

  utmps-utmpd and utmps-wtmpd expect:
  - to be launched via an inetd-like listening on the configured Unix
domain socket, with stdin reading from the client and stdout writing
to the client.
  - some environment variables:
    * PROTO must be set to IPC.
    * IPCREMOTEEUID must be set to the effective uid of the client.
    * IPCREMOTEEGID must be set to the effective gid of the client.
    Those last two are obtained on Linux via a struct ucred and the
SO_PEERCRED option to getsockopt(). You can't fake that, it's the
very reason why utmps is secure.

  Of course, you could also package s6 in Dragora. If you already have
a perp supervision tree, you don't even have to run an s6 one. On the
other hand, that's a risky proposition, because you might end up liking
it and wanting to use it more. %-)

--
  Laurent
