[ewg] Allowing ib diagnostics to be run without being logged in as root.

Ira Weiny weiny2 at llnl.gov
Wed May 26 11:03:37 PDT 2010


To steer the conversation in a different direction: perhaps there is a need to have a second umad device file which allows only for "Get" operations?  I know this could be some work and I don't know if it could be completely done (I have not thought through all the details). [*]

I know there is some discussion on the interface for userspace apps and MADs on the developers mailing list.  Is this a requirement we should look into more?  I know we have some need for this and now Woody has this need as well.

Thoughts?
Ira

[*] NOTE: I am not directly volunteering to do this work  ;-)  But I have been interested in changing the user level MAD libraries in the past so I think I could help.

On Wed, 26 May 2010 09:51:53 -0700
Justin Clift <justin at salasaga.org> wrote:

> On 05/27/2010 02:19 AM, Woodruff, Robert J wrote:
> > Hal wrote,
> >
> >> sudo can be configured for specific commands to be allowed to specific users.
> >
> > Then perhaps that is a safer way to do it, but it would put more work
> > on the system admin to set it up for people, but if setting the permissions
> > of the commands to setuid root opens up a security hole, we would not want
> > that.
> 
> From an experienced SysAdmin perspective, the less setuid/setgid 
> programs there are on a system the better.  If a system could have them 
> *all* removed, that would be great. :)
> 
> Security types generally don't like them either, regarding them as a 
> point of weakness due to circumventing finer grained access controls 
> (sudo, ACLs, RBAC, etc).  setuid/setgid binaries are also included (and 
> queried) in *every* system audit.
> 
> Good security practice will generally change the binaries back to being 
> non-setuid/non-setgid (ie "normal" perms) unless there's a Very Good 
> Reason for them to be otherwise.
> 
> I have personally had to secure/harden many *nix systems over the years, 
> plus write detailed technical best practice guides for multi-national 
> corporates on how to do it on more than one occasion.  Last time was in 
> roughly 2006, and setuid/setgid stuff was regarded as bad old practice 
> at that time.  I'd expect it would be even less favoured now.
> 
> 
> > Does anyone know if setting the permissions to setuid root does actually
> > open up a security hole ?
> 
> Not directly.  It just creates lots of secondary hassles for SysAdmins, 
> Security Admins, policy enforcement software, and monitoring software 
> because it introduces another vector for attack.
> 
> People having a need for setuid or setgid root for these binaries can 
> most definitely do it themselves as part of their roll out.
> 
> Not sure if that perspective helps, but you do seem to be asking. :)
> 
> Regards and best wishes,
> 
> Justin Clift
> 
> 
> > woody
> 
> 
> -- 
> Salasaga  -  Open Source eLearning IDE
>                http://www.salasaga.org
> _______________________________________________
> ewg mailing list
> ewg at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
> 
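
The "Get only" umad device suggested at the top of this message would have to decide per MAD whether to forward it; the sketch below is an added example, not code from this thread, OFED or the kernel umad driver. The names `get_only_filter`, `build_sample_mad` and the verdict enum are hypothetical, the sample MADs are constructed, and the only facts relied on are the 24-byte common MAD header layout and its method values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Common MAD header fields (InfiniBand spec): 24 bytes, method at offset 3. */
#define MAD_HDR_LEN      24
#define MAD_OFF_BASEVER  0
#define MAD_OFF_METHOD   3
#define MAD_OFF_ATTR_ID  16
#define MAD_METHOD_GET      0x01
#define MAD_METHOD_SET      0x02
#define MAD_METHOD_GETRESP  0x81  /* response bit (0x80) | Get */

enum mad_verdict { MAD_ALLOW, MAD_DENY_METHOD, MAD_DENY_MALFORMED };

/* Hypothetical policy check for a "Get only" umad device: fail closed on
 * anything that is not a well-formed request carrying method Get. */
enum mad_verdict get_only_filter(const uint8_t *mad, size_t len)
{
    if (mad == NULL || len < MAD_HDR_LEN)
        return MAD_DENY_MALFORMED;      /* too short to hold a header */
    if (mad[MAD_OFF_BASEVER] != 1)
        return MAD_DENY_MALFORMED;      /* unknown base version */
    /* Compare the whole byte so Set, GetResp and vendor-defined
     * methods are all rejected, not just Set. */
    if (mad[MAD_OFF_METHOD] != MAD_METHOD_GET)
        return MAD_DENY_METHOD;
    return MAD_ALLOW;
}

/* Constructed sample: a 256-byte subnet-management MAD with the given method. */
void build_sample_mad(uint8_t buf[256], uint8_t method, uint16_t attr_id)
{
    memset(buf, 0, 256);
    buf[MAD_OFF_BASEVER] = 1;           /* base version */
    buf[1] = 0x01;                      /* mgmt class: subnet management (LID routed) */
    buf[2] = 1;                         /* class version */
    buf[MAD_OFF_METHOD] = method;
    buf[MAD_OFF_ATTR_ID] = (uint8_t)(attr_id >> 8);   /* big-endian on the wire */
    buf[MAD_OFF_ATTR_ID + 1] = (uint8_t)attr_id;
}

int main(void)
{
    uint8_t mad[256];
    build_sample_mad(mad, MAD_METHOD_GET, 0x0011);    /* Get(NodeInfo) */
    printf("Get(NodeInfo): %d\n", get_only_filter(mad, sizeof mad));
    build_sample_mad(mad, MAD_METHOD_SET, 0x0015);    /* Set(PortInfo) */
    printf("Set(PortInfo): %d\n", get_only_filter(mad, sizeof mad));
    return 0;
}
```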


