Question

I have to perform a number of 'housekeeping' tasks that need root access (Linux, Debian). Generally one time only, but I do need to check that they have been performed.

I don't really want to run the whole program as root though. Is there a good pattern to do these tasks without having the whole program as root?

The tasks are fixed and have no inputs from outside the system (i.e. no user inputs are needed). Some known tasks include changing the hostname and formatting an SD card.


Solution

The answer is privilege separation, as used in SSH and numerous other network daemons. The idea is that you fork a second process. One of the processes drops root privileges. There is a pipe between these processes. The privileged process waits for input from the pipe, performs the operation and returns the result using the pipe. (Note: in some operating systems, pipes may not be bidirectional, so a socket pair could be a better, i.e. more portable, option.)

The privileged code needs to be implemented very carefully so you are certain there are no stack smashing vulnerabilities. Of course, the privileged code cannot accept requests to execute arbitrary commands, or else you lose the benefits of privilege separation. So, in other words: the privileged code needs to verify everything in the request to do a privileged task.
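Below is an added example of the pattern the answer describes; it is not code from the original answer, and Python is an assumption (the question does not name a language). The program creates a socketpair, forks, keeps the child as the privileged helper and drops root in the parent, which then sends requests over the channel. The helper only ever acts on a fixed table of task names with no parameters, so there is nothing in a request to smash or inject: anything not in the table, or anything over the length bound, is rejected. The task bodies (`task_set_hostname`, `task_format_sdcard`) and the target user `nobody` are hypothetical stand-ins so the example runs without root; a real helper would call `sethostname(2)` or `mkfs` at those points.

```python
import os
import pwd
import socket

MAX_REQUEST = 64  # longest legal request line, in bytes (including the newline)


# Hypothetical stand-ins for the real privileged actions. They only return a
# description so the example can run unprivileged; swap in the real calls here.
def task_set_hostname():
    return "hostname set"


def task_format_sdcard():
    return "sdcard formatted"


# The complete set of operations the helper will perform. Requests carry a name
# and nothing else: the tasks are fixed, so no parameter ever crosses the channel.
TASKS = {
    b"set_hostname": task_set_hostname,
    b"format_sdcard": task_format_sdcard,
}


def handle_request(line):
    """Validate one raw request line and run it. Returns the reply to send back."""
    if len(line) > MAX_REQUEST or not line.endswith(b"\n"):
        return b"ERR malformed\n"
    task = TASKS.get(line.rstrip(b"\n"))
    if task is None:
        return b"ERR unknown task\n"
    try:
        return b"OK " + task().encode() + b"\n"
    except Exception as exc:  # a failing task must not take the helper down
        return b"ERR " + type(exc).__name__.encode() + b"\n"


def privileged_helper(sock):
    """Runs in the process that keeps root: serve requests until the peer closes."""
    with sock.makefile("rb") as reader:
        while True:
            line = reader.readline(MAX_REQUEST + 1)  # bounded read, never unbounded
            if not line:
                break  # unprivileged side closed the channel
            reply = handle_request(line)
            sock.sendall(reply)
            if reply.startswith(b"ERR malformed"):
                break  # do not try to resynchronise on a garbage stream


def drop_privileges(user="nobody"):
    """Permanently give up root. Returns False (no-op) when not running as root."""
    if os.geteuid() != 0:
        return False
    pw = pwd.getpwnam(user)
    os.setgroups([])          # shed supplementary groups first
    os.setgid(pw.pw_gid)      # then the group, while still root
    os.setuid(pw.pw_uid)      # finally the uid; after this there is no way back
    return True


def run_tasks(requests):
    """Fork the helper, drop root here, send each request and collect the replies."""
    main_sock, helper_sock = socket.socketpair()
    pid = os.fork()
    if pid == 0:  # child: the privileged helper
        main_sock.close()
        try:
            privileged_helper(helper_sock)
        finally:
            os._exit(0)
    helper_sock.close()
    drop_privileges()  # from here on the main program is unprivileged
    replies = []
    with main_sock.makefile("rb") as reader:
        for req in requests:
            main_sock.sendall(req)
            replies.append(reader.readline(MAX_REQUEST + 16))
    main_sock.close()  # EOF tells the helper to exit
    os.waitpid(pid, 0)
    return replies


if __name__ == "__main__":
    for reply in run_tasks([b"set_hostname\n", b"rm -rf /\n", b"format_sdcard\n"]):
        print(reply.decode().rstrip())
```

The helper never reads a command string to execute, only a key into `TASKS`, and it bounds every read, so a compromised main program can at most ask for one of the two fixed operations to be repeated. Checking that a task has been performed is then just a matter of inspecting the `OK` replies returned to the unprivileged side.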

Licensed under: CC-BY-SA with attribution