[Olsr-dev] privilege separation for olsrd
Thu Oct 4 00:32:59 CEST 2012
I would also like to continue the discussion...
Routing setup and socket creation are the main operations that need
root... and I think routing setup needs always root, not only when we
create the netlink socket.
On Wed, Oct 3, 2012 at 9:37 PM, Hans-Christoph Steiner wrote:
> Makes sense to me. I'm going to focus on the gcc hardening flags for
> now, and get them incorporated into the Debian package. Then I think we
> should consider adding them to the relevant Makefiles in olsrd.
if there are any bugs when we run with -O2, just post them here...
should be trivial to fix.
The new framework already compiles on -Os and -O2/-O3, so it should be
easy to move this code to "hardened".
> For something like OpenWRT, I don't think the hardening is so important
> since an OpenWRT mesh node is very unlikely to contain other data on
> them. For olsrd running on people's laptops and phones, then it makes
> it a much more appealing target.
> On 10/03/2012 02:54 PM, Ferry Huberts wrote:
>> I discussed all of this with Henning on multiple occasions and we always
>> came to the conclusion that (to us) it's not worth the effort for olsrd v1.
>> For olsrd v2 we maybe want to have it but the focus is on getting things
>> up and running.
>> That said, if anyone wants to implement it then they're welcome to do
>> so. Just be warned that it has to be on a branch (since it's a major
>> change) and that it will be closely scrutinised once proposed for merging.
>> On 03-10-12 19:47, Roar Bjørgum Rotvik wrote:
>>> On 10/03/2012 06:07 PM, Hans-Christoph Steiner wrote:
>>>> I was just poking around OpenSSH for ideas for how olsrd could be a lot
>>>> more secure. The main issue right now is that olsrd does everything as
>>>> root, even though it only needs root privileges for specific things
>>>> (opening the socket on port 698 and editing the routing table).
>>>> OpenSSH is a daemon that needs privileges for opening a socket on port
>>>> 22, but then it does very little else as root. It does this without
>>>> using threads, but relies on multiple processes instead. Here are two
>>>> overviews of how OpenSSH does it:
>>> I understand that my suggestion is Linux-only, but what about posix
>>> (and many other sites)
>>> Capabilities divide root power into smaller pieces. For olsrd, it may work
>>> to let olsrd drop all caps except CAP_NET_BIND_SERVICE/CAP_NET_ADMIN
>>> (needed for privileged network operations like taking an interface up/down;
>>> I think this also works for netlink sockets). Or set the caps in the file
>>> attributes in the filesystem.
>>> But as I said, don't know if/how this is supported on other platforms.
>>> Roar Bjørgum Rotvik
Stephen Hawking about cosmic inflation: "An increase of billions of
billions of percent in a tiny fraction of a second. Of course, that
was before the present government."
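As an added illustration of the capabilities approach Roar suggests above (example code written for this page, not olsrd's own code): a Linux-only C program that keeps just CAP_NET_BIND_SERVICE and CAP_NET_ADMIN, drops every other capability, and switches from root to an unprivileged uid while retaining those two. It uses the raw capget/capset syscalls so it needs no libcap. The uid/gid 65534 ("nobody") used in main() is an assumption; a real daemon would run as its own dedicated user.

```c
/* Added example, not olsrd code: keep only the capabilities an olsrd-like
 * daemon needs (CAP_NET_BIND_SERVICE for UDP port 698, CAP_NET_ADMIN for
 * routing-table/netlink changes), drop everything else, and continue as an
 * unprivileged user. Linux-only; raw capget/capset syscalls, no libcap. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Bit mask for one capability number (CAP_NET_ADMIN is 12, so bit 12). */
static inline uint64_t cap_mask(int cap) { return 1ULL << cap; }

/* The only two capabilities the routing daemon keeps. */
#define OLSRD_KEEP_CAPS (cap_mask(CAP_NET_BIND_SERVICE) | cap_mask(CAP_NET_ADMIN))

/* Read the permitted and effective sets as 64-bit masks.
 * The v3 ABI splits each set over two 32-bit words. */
int get_caps(uint64_t *permitted, uint64_t *effective)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -errno;
    if (permitted)
        *permitted = data[0].permitted | ((uint64_t)data[1].permitted << 32);
    if (effective)
        *effective = data[0].effective | ((uint64_t)data[1].effective << 32);
    return 0;
}

/* Shrink permitted, effective and inheritable to (keep AND current permitted).
 * A process may always reduce its own sets, so this also succeeds for an
 * unprivileged caller, where the result is simply the empty set. */
int drop_caps_except(uint64_t keep)
{
    uint64_t permitted;
    int rc = get_caps(&permitted, NULL);
    if (rc != 0)
        return rc;
    uint64_t want = keep & permitted;
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);               /* inheritable becomes 0 */
    data[0].permitted = data[0].effective = (uint32_t)want;
    data[1].permitted = data[1].effective = (uint32_t)(want >> 32);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -errno;
    return 0;
}

/* Move from root to uid/gid while retaining `keep`. PR_SET_KEEPCAPS preserves
 * the permitted set across setuid(), but the kernel clears the effective set,
 * so drop_caps_except() runs afterwards to re-raise exactly `keep`. */
int switch_to_user(uid_t uid, gid_t gid, uint64_t keep)
{
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -errno;
    if (setgroups(0, NULL) != 0) return -errno;  /* drop supplementary groups */
    if (setgid(gid) != 0) return -errno;
    if (setuid(uid) != 0) return -errno;
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0) return -errno;
    return drop_caps_except(keep);
}

/* Try to bind UDP port 698: needs CAP_NET_BIND_SERVICE (or root). */
int bind_olsr_port(void)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(698) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : -errno;
    close(fd);
    return rc;
}

int main(void)
{
    uint64_t p = 0, e = 0;
    /* Assumption: uid/gid 65534 ("nobody") exists on this system. */
    int rc = geteuid() == 0 ? switch_to_user(65534, 65534, OLSRD_KEEP_CAPS)
                            : drop_caps_except(OLSRD_KEEP_CAPS);
    if (rc != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(-rc));
        return 1;
    }
    get_caps(&p, &e);
    printf("uid=%u permitted=%#llx effective=%#llx\n", (unsigned)getuid(),
           (unsigned long long)p, (unsigned long long)e);
    rc = bind_olsr_port();
    printf("bind udp/698: %s\n", rc == 0 ? "ok" : strerror(-rc));
    return 0;
}
```

Run as root, the output shows uid 65534 with permitted and effective both 0x1400 (bits 10 and 12) and the bind on 698 succeeding; run as a normal user, both sets are empty and the bind fails with EACCES. The file-attribute variant Roar mentions is `setcap cap_net_bind_service,cap_net_admin=ep /path/to/olsrd`, which gives the binary the same two capabilities at exec without it ever being root. The caveat with either variant: a memory-safety bug in the packet parser still hands an attacker CAP_NET_ADMIN, i.e. the ability to rewrite the routing table, which is exactly what the OpenSSH-style split into a privileged monitor and an unprivileged network-facing process is meant to contain.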