Gentoo Archives: gentoo-dev

From: Natanael Copa <natanael.copa@×××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Testing to see if services have crashed on hardened
Date: Fri, 21 Mar 2008 10:44:19
Message-Id: 1206096252.31941.19.camel@nc.nor.wtbts.org
In Reply to: [gentoo-dev] Testing to see if services have crashed on hardened by Roy Marples
On Fri, 2008-03-21 at 10:20 +0000, Roy Marples wrote:
> Hi List.
>
> I've just removed the code to check for euid when running services and instead
> relying on permissions of the service state dir and testing errno. This is a
> good thing, but it does have one side effect.
>
> OpenRC can track daemons by how they were started. So every time you run
> rc-status it tests each reported service to ensure all daemons are up. This
> also works fine unprivileged on normal boxes - except for hardened where
> users can only see their own processes.
>
> This isn't really an easy answer, as we could have installed OpenRC in a
> prefix where this wouldn't apply, but we don't know that either.
>
> Ideas anyone?

err... run rc-status as root?

I mean if you are not supposed to see if a process is running or not as a normal user, then hardened is doing its job when it does not allow rc-status to show this info to the unprivileged user.

    if (!HARDENED || (HARDENED && euid == 0)) {
        /* show if process is running or not */
    }

> Thanks
>
> Roy

-- gentoo-dev@l.g.o mailing list
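
The check proposed in the reply above, worked out as an added example; it is not code from OpenRC or from either poster. It assumes a process hidden from an unprivileged user is reported as ESRCH, the same as a dead one, and `restricted_view`, `probe_pid`, `classify` and `daemon_status` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum daemon_state { DAEMON_UP, DAEMON_DOWN, DAEMON_UNKNOWN };

/* Probe a pid with signal 0: nothing is delivered, only the existence and
 * permission checks run. Returns 0 if the pid exists, otherwise errno. */
static int probe_pid(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return 0;
    return errno; /* EPERM: exists under another uid; ESRCH: not found */
}

/* restricted_view (assumption): non-zero when the system hides other users'
 * processes, i.e. the HARDENED condition in the reply. Detecting it is left
 * to the caller; the thread does not settle how. */
static enum daemon_state classify(int probe_errno, int restricted_view,
                                  uid_t euid)
{
    if (probe_errno == 0 || probe_errno == EPERM)
        return DAEMON_UP;      /* the process is there */
    if (probe_errno == ESRCH && restricted_view && euid != 0)
        return DAEMON_UNKNOWN; /* hidden or dead: cannot tell them apart */
    if (probe_errno == ESRCH)
        return DAEMON_DOWN;    /* full view, so "not found" means gone */
    return DAEMON_UNKNOWN;     /* unexpected errno */
}

static enum daemon_state daemon_status(pid_t pid, int restricted_view)
{
    return classify(probe_pid(pid), restricted_view, geteuid());
}

int main(void)
{
    static const char *names[] = { "up", "down", "unknown" };

    /* Our own pid is always visible, even with a restricted view. */
    printf("self: %s\n", names[daemon_status(getpid(), 1)]);
    return 0;
}
```

Reporting "unknown" instead of "crashed" keeps an unprivileged rc-status from raising false alarms while still disclosing nothing the restricted view withholds.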
