Replace uid==0 tests with capability checks

Corinna Vinschen vinschen at redhat.com
Thu Mar 19 02:08:08 EST 2009


Is there any chance this can be discussed at one point?

On Mar 11 09:26, Corinna Vinschen wrote:
> Hi,
> 
> This time with its own subject:
> 
> What's still missing in OpenSSH is code which abstracts the idea of the
> root user to the idea of a user with certain privileges.  At least
> Linux/Solaris/Cygwin/Windows allow specifying finer-grained user rights,
> so that certain types of tasks are not necessarily run by the root user.
> In case of Cygwin/Windows there isn't even a root user, just users with
> certain privileges.  Given that, the hardcoded checks for uid == 0 don't
> make sense or rather, are too bulky in a couple of environments.  To
> reiterate an idea I've been proposing for quite some time now:
> 
>   Instead of checks as
>   
>     if (getuid() == 0)
>       do_foo_bar ();
>     else
>       EEEEK!
> 
>   openssh should have checks along the lines of
> 
>     if (uid_has_capability (getuid (), CAP_foo_bar))
>       do_foo_bar ();
>     else
>       EEEEK!
> 
> The function uid_has_capability() would be quite simple on systems
> which don't have fine-grained user rights:
> 
>     int
>     uid_has_capability (uid_t uid, int capability)
>     {
>       return uid == 0;
>     }
> 
> but could be much more elaborate on other platforms like Linux, Solaris,
> or Cygwin.  And, again, I'm willing to help with this stuff in terms of
> coding.
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
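
The uid_has_capability() idea from the message above, carried through for one platform as an added example (not code from the message or from OpenSSH): a Linux backend that reads the process's effective capability mask and otherwise falls back to the uid == 0 test. The PRIV_* names and the capeff_has() helper are assumptions. Linux attaches capabilities to the process rather than the uid, so only the caller's own effective uid is answered from the mask.

```c
/* Added example, not OpenSSH code: PRIV_* and capeff_has() are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical privilege names; values are Linux capability bit numbers. */
enum { PRIV_SETUID = 7, PRIV_NET_BIND = 10, PRIV_CHROOT = 18 };

/* Test one bit of the "CapEff:" hex mask from /proc/<pid>/status text.
   Returns 1 if set, 0 if clear, -1 if the field is absent or malformed. */
int
capeff_has(const char *status, int cap)
{
    const char *p = strstr(status, "CapEff:");
    char *end;
    unsigned long long mask;
    if (p == NULL || cap < 0 || cap > 63)
        return -1;
    p += strlen("CapEff:");
    mask = strtoull(p, &end, 16);
    if (end == p)
        return -1;
    return (int)((mask >> cap) & 1);
}

int
uid_has_capability(uid_t uid, int capability)
{
#ifdef __linux__
    /* Capabilities belong to the process, not the uid, so only the
       caller's own effective uid can be answered from CapEff. */
    if (uid == geteuid()) {
        char line[256];
        FILE *f = fopen("/proc/self/status", "r");
        int r = -1;
        while (f != NULL && r < 0 && fgets(line, sizeof(line), f) != NULL)
            r = capeff_has(line, capability);
        if (f != NULL)
            fclose(f);
        if (r >= 0)
            return r;
    }
#endif
    return uid == 0; /* fallback from the message: systems with only root */
}

int main(void) { printf("chroot: %d\n", uid_has_capability(geteuid(), PRIV_CHROOT)); return 0; }
```

With this backend a uid 0 process that has dropped a capability is refused, and a non-root process that holds the capability is allowed, which the plain uid == 0 test cannot express.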