running speech-dispatcher as non-root using setuid on XO and accompanying security issues

Tim Cross tcross at rapttech.com.au
Thu Jul 17 22:57:54 EDT 2008


> 
> P.S. - In the long run, speechd should probably learn to run under its
> own uid(s). Then the appropriate uids can own the appropriate log files.
> 

I agree with Michael here. If you look at some of the files in /var/run and
/var/log, you will see that some of them are owned by a specific user
representing the binary that logs to those files/directories. Sometimes,
they may be owned by root, but in a group specific to the application with
group write permissions. Creating a standard user for an application is
normal practice on many GNU/Linux distros. I've seen the set gid bit set on
directories so that any files created in that directory are created in the
same group as the directory regardless of the uid of the creating process,
e.g. chmod g+s dirname

The other alternative I've seen, but which I don't think is as good, is to
put the logs in /tmp. The main downside here is that the /tmp directory is
often cleaned out as part of the boot or shutdown process. This can cause
valuable logging information to be lost right when you need it e.g. speech
stopped working and the only easy way to get it back was a reboot, but now
you have lost any logging that could be used for diagnostic purposes.  In
some cases, logging to /tmp can represent a security issue, but I'm not
sure if that is relevant in this case and at any rate, it would still be
less of a security issue than running as root using suid.

regards,

Tim
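
The setgid log directory arrangement described in the message above, as an added example that is not part of the original post: one function creates a group-writable setgid directory, the other audits it. The function names, the 2770 mode and the speechd-log path are assumptions made for illustration; a real setup would also chgrp the directory to the service's dedicated group.

```shell
#!/bin/sh
# Added example, not code from the original post or from speech-dispatcher.
# The path below is constructed; a real deployment would use a directory
# under /var/log owned by a dedicated service group.

# has_perm PATH MODE: true if PATH itself has all permission bits in MODE.
has_perm() { [ -n "$(find "$1" -prune -perm "$2")" ]; }

# make_logdir DIR: setgid (2000) plus rwx for owner and group only (0770).
make_logdir() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# check_logdir DIR: returns 0 only if DIR is setgid, group-writable,
# not world-writable, and every file in it carries the directory's group.
check_logdir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    has_perm "$dir" -2000 || { echo "FAIL: setgid bit missing (chmod g+s)"; rc=1; }
    has_perm "$dir" -0020 || { echo "FAIL: group cannot write"; rc=1; }
    if has_perm "$dir" -0002; then echo "FAIL: world-writable"; rc=1; fi
    gid=$(ls -ldn "$dir" | awk '{print $4}')      # numeric group of DIR
    stray=$(find "$dir" -type f ! -group "$gid")  # files that did not inherit it
    [ -z "$stray" ] || { echo "FAIL: wrong group on: $stray"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $dir (gid $gid)"
    return "$rc"
}

# Demo on a constructed temporary path, so it runs without root.
demo_root=$(mktemp -d)
make_logdir "$demo_root/speechd-log"
: > "$demo_root/speechd-log/speechd.log"   # new file inherits the directory's group
check_logdir "$demo_root/speechd-log"
rm -rf "$demo_root"
```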


