[Dev] processes running as root

Schaufler, Casey casey.schaufler at intel.com
Thu Aug 14 14:41:11 GMT 2014


> -----Original Message-----
> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Valentina
> Giusti
> Sent: Thursday, August 14, 2014 5:54 AM
> To: dev at lists.tizen.org
> Subject: Re: [Dev] processes running as root
> 
> On 08/12/2014 03:08 PM, Stéphane Desneux wrote:
> > Hi Valentina,
> 
> Hi Stephane,
> 
> > As Casey and Carsten said: things are not black and white... but simply
> > gray :) We *try* to reduce the daemons running as root as much as
> > possible. But it's not an absolute rule.
> >
> > Sometimes, it's possible to migrate a daemon from root to <some system
> > user> without much difficulty. A good example is weston in
> > Tizen:Common: it runs as a 'display' user, who has the proper rights on
> > the DRM and input devices.
> >
> > For some other daemons, it can become more tricky.
> >
> > If I take a quick look at a recent Tizen:Common snapshot, I can see that
> > there are some daemons running as root, as you noticed:
> >
> > root       159     1  0 03:22 ?        00:00:00 /usr/sbin/ofonod -n
> > root       161     1  0 03:22 ?        00:00:00 /usr/bin/alarm-server
> > root       168     1  0 03:22 ?        00:00:00 /usr/sbin/connmand -n
> > root       172     1  0 03:22 ?        00:00:00 /usr/bin/security-server
> > root       173     1  0 03:22 ?        00:00:00 /usr/bin/media-server
> > root       175     1  0 03:22 ?        00:00:00 /usr/bin/notification-service
> > root       239     1  0 03:22 ?        00:00:00 /lib/bluetooth/bluetoothd -E
> > root       344     1  0 03:22 ?        00:00:00 /usr/sbin/wpa_supplicant -u
> > root      1037   173  0 03:23 ?        00:00:00 media-thumbnail-server
> >
> > In this list, I see 3 categories:
> > - some daemons can very probably run as system users (media-server,
> > media-thumbnail-server, ofonod, alarm-server), if we're able to define
> > the appropriate rights
> > - for network and connectivity daemons (connmand, wpa_supplicant,
> > bluetoothd), it may be more tricky to migrate to non-root users, but
> > this needs some investigation
> > - some services need to run as root (security-server AFAIK)
> >
> > As Casey pointed out, migrating from root to system users for some daemons
> > is an ongoing effort.
> 
> thanks for your detailed answer. I was actually wondering how you
> proceeded with the identification of the processes that can be run as
> system processes and if you planned to continue in that direction for
> the services that still run as root.

Ideally the process involves carefully selecting the upstream packages
that best meet our design criteria and functional requirements,
including various aspects of security, one of which is running with
minimal privilege. Usually we end up with something that thinks it
needs more privilege than it does. Where we can fix that easily
we do. 

> My guess is that this would help also with having a
> multi-user/multi-session system.

That's true. We have a multi-user system that uses UIDs
the way they were intended. That is, to identify users.

> Best Regards,
> - Valentina
> 
> >
> > Best regards,
> 