argus in chroot, privilege separation/revocation

Andreas Östling andreaso at it.su.se
Wed Sep 20 04:18:49 EDT 2006


On Wednesday 20 September 2006 07:24, Carter Bullard wrote:
> Hey Andreas,
> So I have a few issues/questions regarding your patch.  No problem,
> just need to find the right approach.  When the "-C dir" option is
> used, along with  the "-w outputfile" option, how do we ensure that
> we chroot before we process the output file option, which causes us
> to create the file.  Same with your "-u user" or "-g group" option,
> since these could affect whether the output file can be created or
> not.

I remember dealing with this issue now when trying the patch on Argus 3 
on some early RC. I made some simple change to fix it but unfortunately 
I can't find that patch now. If I remember correctly Argus opened the 
-w file twice (first time just an open/close to create it) and I 
never understood the point of it so I think I simply removed the first 
one. Of course if the chroot/privilege drop happens before the 
remaining open, -w file is opened relative to the chroot dir and the 
creation/open is done as the unprivileged user. I personally don't 
really mind how it's done as long as it's documented.

As a side effect you could then start Argus suid root again. Not that I 
would do that but I supposed you should be able to since there are 
already some setuid(getuid()) in here. That stuff broke things in a 
similar way since Argus would create the output file as root, drop 
privileges, and then fail to reopen it as the real user. But again this 
was some early RC and I don't really remember the details.


> Can I use the "-u user" option without using the "-g group" option?

As you noticed I added a test so you must specify either none or both.
Specifying only one of them doesn't really make sense to me but
technically there is no reason why you couldn't use -u without -g.

/Andreas
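
The ordering discussed in this thread (chroot first, then group, then user, and only then the single open of the "-w" file), as an added example that is not part of the original message and is not Argus code. The function names are hypothetical, and the ids are passed in numerically; a caller accepting "-u" without "-g" would be assumed to pass the user's primary group.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE           /* for chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Argus code): confine to chroot_dir (may be NULL),
 * then switch to gid/uid. Returns 0 on success, -1 with errno set. */
int confine_and_drop(const char *chroot_dir, uid_t uid, gid_t gid)
{
    int dropping = (geteuid() == 0 && uid != 0);

    /* chroot() needs root, so it has to happen before the uid change. */
    if (chroot_dir != NULL && (chroot(chroot_dir) != 0 || chdir("/") != 0))
        return -1;
    /* Groups before uid: once the uid is gone, the process may no longer
     * change its groups and would keep root's supplementary groups. */
    if (dropping && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* A drop that can be undone is not a drop: regaining root must fail. */
    if (dropping && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Open the "-w" file only after confinement, so the path resolves inside the
 * chroot and the file is created by the unprivileged user (a single open,
 * with no earlier create-as-root step). Returns an fd, or -1 on failure. */
int open_output_after_drop(const char *chroot_dir, uid_t uid, gid_t gid,
                           const char *path)
{
    if (confine_and_drop(chroot_dir, uid, gid) != 0)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0640);
}
```

With this ordering the output path has to exist inside the chroot directory and be writable by the target user, which is the behaviour that would need documenting.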