Date: Mon, 28 Oct 2019 18:31:27 -0300
From: Matias Fonzo <selk@...gora.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] remaining steps for time64 switchover

Hi Laurent,

Thanks for the explanation and for giving more details about it.  :-)

On 2019-10-27 20:27, Laurent Bercot wrote:
> 
>  There is a run-time requirement for s6, but it's not an absolute one:
> the utmps-utmpd and utmps-wtmpd programs simply rely on an interface
> provided by s6-ipcserver(d). If you can provide the same interface,
> you can do without s6.
> 
>  utmps-utmpd and utmps-wtmpd expect:
>  - to be launched via an inetd-like listening on the configured Unix
> domain socket, with stdin reading from the client and stdout writing
> to the client.
>  - some environment variables:
>    * PROTO must be set to IPC.
>    * IPCREMOTEEUID must be set to the effective uid of the client.
>    * IPCREMOTEEGID must be set to the effective gid of the client.
>    Those last two are obtained on Linux via a struct ucred and the
> SO_PEERCRED option to getsockopt(). You can't fake that, it's the
> very reason why utmps is secure.
> 
>  Of course, you could also package s6 in Dragora. If you already have
> a perp supervision tree, you don't even have to run a s6 one. On the
> other hand, that's a risky proposition, because you might end up liking
> it and wanting to use it more. %-)
> 
> --
>  Laurent
