Hacker News

simoncion, today at 7:37 AM (3 replies)

First off, thanks very much for giving me exactly what I asked for.

You propose that instead of sometimes running ~five lines of C as root, I do one of the following:

1) Run a persistent whole-ass daemon using something for IPC... maybe DBUS, maybe HTTP, and all the code that that pulls in.

2) Use a setuid root program [0] to run the entire program as root, rather than just the ~five lines that need root privs.

3) Use a package that has several-thousand lines of C (and who knows how many lines of Python) running as root and does way more than I need.

All of these alternatives tell a story:

  The alternative to running ~five lines of C as root is to run *many* more lines as root.

This is kinda my point. Some people rave about setuid programs and assert that they should not exist, but when you absolutely need to let an unprivileged user do things that only root is ordinarily permitted to do you're going to have to have code running as root. And when you have code running as root, you have to be careful to get it right. Whether it's running from a setuid root-owned executable, a persistent daemon running as root, or a regular program that sudo [1] has executed as root is irrelevant: it's all code running as root!

[0] People shit on sudo for both being setuid root and for being "too complicated". I love the hell out of the program; it's an essential part of how I get shit done on my PC. sudo is -very seriously- a great tool.

[1] ...or similar...
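What "being careful to get it right" looks like for the setuid-helper variant (option 2 above), as an added example that is not code from the comment or from any of the projects it mentions. The helper does the one root-only thing (opening a node the caller is not allowed to open), then drops to the invoking user's real uid/gid and verifies with getresuid/getresgid that no saved root id is left behind before doing anything else. PRIVILEGED_PATH, the single-argument interface and the "lowercase token" argument format are assumptions for illustration; setresuid/getresuid and clearenv are Linux/glibc-specific.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical root-only node the helper needs to open; placeholder path. */
#define PRIVILEGED_PATH "/dev/hypothetical-device"

/* The helper takes one argument. Accept only a short token of safe characters
 * so nothing from the invoking user can turn into a path or shell fragment. */
int valid_arg(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 32)
        return 0;
    for (; *s != '\0'; s++) {
        int ok = (*s >= 'a' && *s <= 'z') || (*s >= '0' && *s <= '9') ||
                 *s == '-' || *s == '_';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Drop to uid/gid permanently and return 0 only if the kernel confirms it.
 * Order matters: supplementary groups and the gid must go first, because once
 * the uid is unprivileged the process can no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* Verify all three ids rather than trusting the return codes: a leftover
     * saved uid of 0 would let the code climb back with a single setuid(0). */
    if (getresuid(&ru, &eu, &su) != 0 || ru != uid || eu != uid || su != uid)
        return -1;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    /* If we left root, regaining it must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    int fd;

    if (argc != 2 || !valid_arg(argv[1])) {
        fprintf(stderr, "usage: helper <name>\n");
        return 2;
    }
    /* A setuid binary inherits the caller's environment; start from a clean one. */
    clearenv();
    setenv("PATH", "/usr/bin:/bin", 1);

    /* The only work done as root: open the node the caller may not open. */
    fd = open(PRIVILEGED_PATH, O_WRONLY | O_CLOEXEC);
    if (fd < 0) {
        perror("open");
        return 1;
    }
    /* Back to the invoking user (the real ids) before touching anything else. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    /* Everything below runs unprivileged, holding only the open descriptor. */
    if (dprintf(fd, "%s\n", argv[1]) < 0) {
        perror("write");
        return 1;
    }
    close(fd);
    return 0;
}
```

The point of the shape is that the root-only region is a handful of lines between the argument check and drop_privileges(), and the drop is verified rather than assumed: a helper that "drops" with a bare setuid() but keeps a saved uid of 0 is the classic way this pattern goes wrong.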


Replies

c-hendricks, today at 11:37 AM

> it's all code running as root!

Yup! There's no way around that if in the end you need elevated privileges somewhere.

What the other options allow is to contain the blast radius. With the daemon you can control access via groups on the socket, and with sudo you can control access via sudoers.d

> and who knows how many lines of Python

There's no python in gamemode...
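How the daemon variant controls access "via groups on the socket", as an added example that is not code from the comment or from gamemode. The listening unix socket is created under a restrictive umask and handed to the allowed group with mode 0660, and, independently of the file mode, each accepted connection is checked against the peer's kernel-reported credentials (SO_PEERCRED) including supplementary groups from the group database. The socket path and the hypothetical one-line request/reply in main() are assumptions; SO_PEERCRED and getgrouplist are Linux/glibc-specific.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>

/* Create the daemon's listening socket so that only the owner and members of
 * `gid` can connect: the node is created under umask 0117 so it is never
 * world-accessible, then handed to the group with mode 0660.
 * Returns the listening fd, or -1 on failure. */
int bind_group_socket(const char *path, gid_t gid)
{
    struct sockaddr_un sa;
    mode_t old_umask;
    int fd;

    if (strlen(path) >= sizeof sa.sun_path)
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    unlink(path);                      /* stale node from a previous run */

    old_umask = umask(0117);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        umask(old_umask);
        close(fd);
        return -1;
    }
    umask(old_umask);
    if (chown(path, (uid_t)-1, gid) != 0 || chmod(path, 0660) != 0 ||
        listen(fd, 8) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Second check, independent of the file mode: ask the kernel who is on the
 * other end and accept only a peer whose primary gid, or whose supplementary
 * groups as configured in the group database, include `gid`. */
int peer_allowed(int conn, gid_t gid)
{
    struct ucred cr;
    socklen_t len = sizeof cr;
    struct passwd *pw;
    gid_t groups[64];
    int n = 64, i;

    if (getsockopt(conn, SOL_SOCKET, SO_PEERCRED, &cr, &len) != 0)
        return 0;
    if (cr.gid == gid)
        return 1;
    pw = getpwuid(cr.uid);
    if (pw == NULL)
        return 0;                      /* unknown user: deny */
    if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &n) < 0)
        return 0;                      /* more than 64 groups: deny rather than guess */
    for (i = 0; i < n; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

int main(void)
{
    /* Hypothetical socket path; a real daemon would resolve the group name
     * with getgrnam() instead of using its own gid. */
    const char *path = "/run/example-helper.sock";
    gid_t gid = getgid();
    int lfd = bind_group_socket(path, gid);
    if (lfd < 0) {
        perror("bind_group_socket");
        return 1;
    }
    for (;;) {
        char req[64];
        ssize_t got;
        int c = accept(lfd, NULL, NULL);
        if (c < 0)
            continue;
        if (!peer_allowed(c, gid)) {   /* wrong group: close without reading */
            close(c);
            continue;
        }
        got = read(c, req, sizeof req - 1);
        if (got > 0)                   /* the privileged work would go here */
            (void)write(c, "ok\n", 3);
        close(c);
    }
}
```

The file mode is what most people rely on, but it is worth keeping the SO_PEERCRED check as well: a descriptor can be passed to another process after connect(), and the credential check is what tells the daemon who it is actually talking to. The sudoers.d counterpart of the same group-based gate is a single rule of the form `%helper-users ALL=(root) NOPASSWD: /usr/local/libexec/helper` (group and path as assumptions), which scopes root to one fixed command rather than to everything the user runs.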

magicalhippo, today at 8:35 AM

> 1) Run a persistent whole-ass daemon using something for IPC

This is the recommended way on Windows as well. Have the (privileged) installer install a privileged service, and have the non-privileged user program communicate with it.

charcircuit, today at 7:53 AM

> 1)

Building services should be easy. The fact that Linux does not have an easy-to-use IPC mechanism is the fault of Linux. Yes, systemd can make it so services don't have to run until they are connected, and yes, dbus exists, but it's overcomplicated for something which should be easy to make. This is a Linux devex failure.

> 2)

I agree this is going in the wrong direction. Full sudo is also even more in the wrong direction, away from giving only the minimal amount of privileges to the code that needs it.

> 3)

See my response to 1). Making programs with different capabilities able to talk to each other should be made dead easy to do.
