coreutils su

Archaic archaic at indy.rr.com
Wed Jan 21 09:50:22 PST 2004


On Wed, Jan 21, 2004 at 08:37:59AM -0500, Robert Connolly wrote:
> 
> et_dyn is almost the same problem as with propolice (until glibc 2.3.3
> releases). To build glibc with et_dyn, you'll need crt1S.o either on
> the host (from glibc-2.3.3) or in chap5. And crt1S.o can only be used
> by a binutils that understands -pie. The rest affects hgcc.sh. et_dyn
> isn't stabilized yet.  chpax is needed on a real system to disable
> et_dyn on some binaries. At least one of the glibc programs uses an
> executable stack, so glibc needs a patch, xfree86 is also affected.
> Since there are enough other things to do, I would prefer to develop
> the stable technologies first, and leave et_dyn for later.  gcc-3.4's
> -pie will be superior to what they have now, and FSF binutils should
> release with -pie by the time gcc-3.4 releases. However much of the
> work for et_dyn has already been done by gentoo, and it would be very
> easy to add it to hlfs. Enforcing non-executable stack would be a bit
> extra work and patches.

Okay, then we will wait on et_dyn. BTW, glibc-2.3.3 has been out since
December and LFS CVS is currently using it so we need to test with that.

> Today I'm looking at installing su in /tools so root can su down to
> uid1. I think it would be safe to allow uid1 to own everything except
> /boot and /etc.

Yes. Similar to package users which I've been using for 2 years now.

> Sudo is a vulnerability in itself.

Agreed.

> Any school of thought in unix says we should not be using root to do
> everything, like we do in chap6.

Actually all main schools of thought say we *should* use root to build a
system as that is a systems function. Users should not be doing any
systems functions.

> I realize it's safer to have root own system binaries.

No it isn't. The only safety is that the user *doesn't* own the binaries.

> This is an experiment to see if some of root's trust can come off on
> uid1.

It can. The only things installed on my systems that are root owned are
the kernel, nvidia driver, a couple of devs, and the occasional suid
program (which I have only 2 on this system and everything works fine).

> I can't think of any serious disadvantage to this, but I am curious as
> why no distros do it. This is more secure because it uses the least
> possible privileges to complete a task. User daemon (uid 6) could be a
> sister to bin (uid 1), running maintenance tasks that don't need root, or
> a special user.

Yep. There's still a lot we have to hash out.

-- 
Archaic

[W]hat country can preserve its liberties, if its rulers are not warned
from time to time that [the] people preserve the spirit of resistance?
Let them take arms...The tree of liberty must be refreshed from time to
time, with the blood of patriots and tyrants.

- Thomas Jefferson, letter to Col. William S. Smith, 1787
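The quoted paragraph above mentions two properties a build engineer would want to verify on the binaries that come out of a toolchain like the one being discussed: whether a binary is ET_DYN (the object type a -pie link produces) and whether it asks the kernel for an executable stack (the property chpax is used to toggle and the reason glibc and XFree86 needed patching). The following is an added example, not code from this list or from the HLFS project, that reads those two facts straight from the ELF header and program headers. The helper build_sample() constructs a minimal, non-loadable ELF64 image only so the checker can be exercised offline; the dictionary keys and function names are this example's own choices.

```python
import struct
import sys

# Values from the ELF specification.
ET_EXEC = 2
ET_DYN = 3
PT_GNU_STACK = 0x6474E551   # program header carrying the stack permission request
PF_X = 0x1                  # "executable" bit in p_flags

E_TYPE_NAMES = {ET_EXEC: "ET_EXEC", ET_DYN: "ET_DYN"}


def inspect_elf(data: bytes) -> dict:
    """Report the object type and the PT_GNU_STACK request of an ELF image.

    Handles ELF32 and ELF64 in either byte order. Returns a dict with
    "type" (e.g. "ET_DYN"), "et_dyn" (bool) and "exec_stack", which is
    True/False when a PT_GNU_STACK header is present and None when it is
    absent (the kernel then applies an architecture default, which on
    older 32-bit x86 meant an executable stack). Note that e_type alone
    cannot tell a PIE executable from a shared library: both are ET_DYN.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"        # EI_DATA: 1 = LSB, 2 = MSB
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if ei_class == 1:                          # ELF32 layout
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        flags_offset = 24                      # p_flags is the 7th 4-byte field
    elif ei_class == 2:                        # ELF64 layout
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        flags_offset = 4                       # p_flags directly follows p_type
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)

    exec_stack = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + flags_offset + 4 > len(data):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", data, off + flags_offset)
            exec_stack = bool(p_flags & PF_X)
            break

    return {
        "type": E_TYPE_NAMES.get(e_type, "e_type=%d" % e_type),
        "et_dyn": e_type == ET_DYN,
        "exec_stack": exec_stack,
    }


def build_sample(e_type: int, stack_flags: int) -> bytes:
    """Construct a minimal little-endian ELF64 image with one PT_GNU_STACK
    program header. It is not loadable; it exists only so inspect_elf()
    can be exercised without real binaries (constructed sample data)."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LSB, version 1
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 62, 1,      # e_type, e_machine (x86-64), e_version
        0, 64, 0,           # e_entry, e_phoff (right after the 64-byte header), e_shoff
        0, 64, 56, 1,       # e_flags, e_ehsize, e_phentsize, e_phnum
        0, 0, 0,            # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


def inspect_file(path: str) -> dict:
    """Convenience wrapper for checking a binary on disk."""
    with open(path, "rb") as fh:
        return inspect_elf(fh.read())


if __name__ == "__main__":
    # Usage: python elfcheck.py /path/to/binary ...
    for name in sys.argv[1:]:
        info = inspect_file(name)
        print("%s: %s, executable stack: %s" % (name, info["type"], info["exec_stack"]))
```

Run against a tree of freshly built binaries, the "exec_stack: True" lines are the ones the quoted message says would need a chpax adjustment or a source patch, and "ET_EXEC" executables are the ones the -pie link did not reach.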