Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3103

Improve privilege elevation

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.2.0
    • Component/s: Core, Security
    • Labels:
      None

      Description

      Improve privilege elevation so that we have a single function that alters process credentials, and does it correctly.

      Here is the behavior I plan to implement:

      1. traffic_manager runs with real root credentials, but
      effective credentials as given by proxy.config.admin.user_id.
      It will elevate back to root to perform privileged operations.

      2. traffic_server is started with real root credentials,
      but attempts to permanently drop to an unprivileged user early
      in the startup process. The unprivileged user account for
      traffic_server is also given by proxy.config.admin.user_id.
      when traffic_server drops privilege, it does so permanently.

      3. traffic_server may elevate privilege depending on the
      value of proxy.config.ssl.cert.load_elevated and
      proxy.config.plugin.load_elevated. This elevation will only
      be supported on platforms that have per-thread capabilities.
      traffic_server will check at startup whether to retain
      sufficient capabilities to allow it to elevate later. This
      means that the *.load_elevated configurations will not be
      reloadable.

      4. After traffic_server drops privilege, we will continue to abort
      with a fatal error if the real or effective user ID is root. This
      behavior can be avoided by defining BIG_SECURITY_HOLE=1 at build
      time.

        Attachments

          Activity

            People

            • Assignee:
              jamespeach James Peach
              Reporter:
              jamespeach James Peach
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: