[FS#926] Privilege separation
LEDE Bugs
lede-bugs at lists.infradead.org
Mon Jul 24 00:14:23 PDT 2017
A new Flyspray task has been opened. Details are below.
User who did this - French Fries (jmpoure)
Attached to Project - LEDE Project
Summary - Privilege separation
Task Type - Feature Request
Category - Base system
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - Critical
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - Sorry if this was discussed before.
LEDE executes all software under the root account, when it is preferable to execute using an unprivileged account. Example : NTP
Under Debian:
ps aux | grep ntp
ntp 1069 0.0 0.0 106320 3684 ? Ssl 08:12 0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 122:131
Under LEDE:
grep ntp
2951 root 964 S < /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 192.168.X.X
On a firewall appliance, this is really an issue. Any a successful attack can compromise the root account.
What is LEDE roadmap for privilege separation?
Could you tell use more about your plan?
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=926
More information about the lede-bugs
mailing list