2
0

SECURITY 1.7 KB

12345678910111213141516171819202122232425262728293031
  1. Security concerns
  2. -----------------
  3. Dinit is designed to allow control by one system user. In the case of a system instance, this is
  4. the root user. Of course, the unix model allows users to change identity and so regular users can
  5. control a system dinit instance using sudo or su, for example.
  6. Essential security is enforced by the system, not by Dinit itself. The socket used to control
  7. dinit is owned by a particular user (the user who starts dinit) and the permissions on this socket
  8. are set so that only the owning user can connect to the socket. According to the Linux unix(7)
  9. manual page, "older" BSDs do not honour socket permissions; on such systems, presumably the
  10. permissions on the containing directory at least are checked (so it is necessary to place the
  11. socket in a directory that is inaccessible to non-root users to ensure secure operation). This
  12. does not appear to be a concern for the various current *BSD systems that I have looked at.
  13. In general it should be assumed that a process that is able to open the control socket (or
  14. otherwise obtain an open connection to the socket) will be able to execute arbitrary code as root
  15. (or rather, as the user which dinit is running as). That said, errors or missing checks in the
  16. control protocol handling which could cause unspecified or undefined behaviour are considered a
  17. security concern (since they potentially allow minor flaws in clients to become arbitrary code
  18. execution within the dinit daemon).
  19. Reporting security issues
  20. -------------------------
  21. Bearing the above in mind, any security issues in Dinit should be reported via email to:
  22. davmac@davmac.org
  23. I will endeavour to respond promptly, but please allow a reasonable time frame before wider
  24. disclosure.