Date: Mon, 5 Nov 2001 15:57:25 -0500
From: Kutulu
To: Clive Lin, ijliao@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject: Re: ports/30431: ircd-hybrid fails to open logfile when started as root and running as non-root
Message-ID: <20011105155725.A96337@pr0n.kutulu.org>

On Mon, Nov 05, 2001 at 04:54:31PM +0000, David Taylor wrote:
> On Sun, 21 Oct 2001, Clive Lin wrote:
> Well, the official position of the hybrid team is that the SUID code
> shouldn't be used, and ircd should be run as a separate user (e.g. ircd),
> which should own the logfiles. It might also be an idea to set up resource

Actually, I'm not using the SUID code. I've defined a UID and GID in the config file for ircd to run as. It's not suid anything, but it's started as root and drops privs as soon as possible.

I understand that the hybrid team strongly recommends against the SUID code, but does that include starting a non-suid ircd as root and having it drop its privs? As far as ircd owning the log files, I'm mostly just trying to keep them all in one place, specifically /var/log with the rest of my log files. I'm not sure which is less secure: having root own the ircd log file, or allowing the ircd user to write to /var/log...

> I'd say applying the patch anyway would be a good idea, but I'm hesitant to
> start doing lots more before dropping privileges, as I'm not sure of the
> security implications...

I'm curious what the hybrid team's position on this is as well. Most other system daemons that run unprivileged (named, httpd, ftpd, etc) start as root, bind to the sockets, open their log files, then drop privs to their 'run-as-me' user, so I can't see how it would be any worse for ircd. If there's something more insidious going on, please let me know so I can stop doing it :)

--K
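
The start-up sequence described in the message above (open the log file as root, then drop to the run-as user), as an added example that is not part of the original message and is not ircd-hybrid code. The function names, the command-line arguments and the refusal of uid 0 as a run-as user are assumptions made for the illustration.

```c
/* Added example: open the log as root, then drop privileges for good.
 * Function names are hypothetical; this is not ircd-hybrid code. */
#define _DEFAULT_SOURCE                 /* glibc: expose setgroups() */
#include <sys/types.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Open the log while still privileged; the descriptor survives the drop,
 * so the run-as user needs no write access to the log directory. */
int open_log(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
}

/* Returns 0 once the process runs as uid/gid and cannot get root back. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                      /* "run as root" is a config error */
    if (geteuid() != 0)                 /* not started as root: nothing to drop */
        return (getuid() == uid && getgid() == gid) ? 0 : -1;
    if (setgroups(1, &gid) != 0)        /* 1: clear root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)               /* 2: group first, while still root */
        return -1;
    if (setuid(uid) != 0)               /* 3: real, effective and saved uid */
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                      /* root was recoverable: fail closed */
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed usage: ./a.out /var/log/ircd.log 1001 1001
     * (a non-numeric uid parses as 0 and is refused above). */
    if (argc != 4)
        return 2;
    int fd = open_log(argv[1]);
    if (fd < 0 || drop_privileges((uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("startup");
        return 1;
    }
    dprintf(fd, "running as uid %d\n", (int)getuid());
    return 0;
}
```

The log file can stay owned by root in /var/log, because only the already-open descriptor is carried across the drop; reopening it later (for example after log rotation) would fail for the unprivileged process.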