Re: [chrony-dev] Drop cmdmon authentication?


On Sat, Apr 25, 2015 at 07:26:53AM -0700, Bill Unruh wrote:
> Of course, there is also the issue of unprivileged people being given
> permission to control and administer chrony. While sudo is a possibility, it
> potentially does open up a local attack vector in which chronyc could be used
> for privilege escalation.

That is a good point. If we force the users to ssh+sudo, we should
make sure the command parsing is good enough to not allow arbitrary
code execution via crafted commands. The cmdmon code has been reviewed
a couple of times already, but I'm not sure if there was any thorough
review of the chronyc code.

Also, it might be a good idea to create the chronyd command socket
with permissions of the user to which the root permissions are
dropped, so it's not necessary to run chronyc under root in order to
connect to chronyd.

-- 
Miroslav Lichvar
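
An added example, not part of the original message and not chrony's own code: one way to create the command socket so that it belongs to the account root privileges are dropped to, as suggested above. The function names, the datagram socket type, the 0770 mode and the sample path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a Unix datagram socket at `path` and give it to the unprivileged account
   the daemon switches to. Call before dropping root; assumes a daemon-only directory. */
int create_cmd_socket(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    struct sockaddr_un sa;
    mode_t old_umask;
    int fd, rc;
    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;                    /* refuse a path that would be truncated */
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    unlink(path);                     /* stale socket left by a previous run */
    old_umask = umask(0777);          /* node is created with no access for anyone */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old_umask);
    if (rc < 0 || chown(path, uid, gid) < 0 || chmod(path, mode) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if `path` is a socket owned by `uid` with exactly `mode` permission bits. */
int cmd_socket_has_owner_mode(const char *path, uid_t uid, mode_t mode)
{
    struct stat st;
    if (lstat(path, &st) < 0 || !S_ISSOCK(st.st_mode))
        return 0;
    return st.st_uid == uid && (st.st_mode & 07777) == mode;
}

int main(void)
{
    const char *path = "./example-cmd.sock";   /* constructed sample path */
    int fd = create_cmd_socket(path, getuid(), getgid(), 0770); /* own ids: runs without root */
    printf("owner/mode ok: %d\n", fd >= 0 && cmd_socket_has_owner_mode(path, getuid(), 0770));
    unlink(path);
    return fd < 0;
}
```

A real daemon would pass the uid and gid of its unprivileged account instead of its own, so a client running under that account or group can connect without root.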
