Christopher Zimmermann <chrisz@openbsd.org> wrote:
> Thanks for your feedback guys. I tried to improve the interface by
> calling the hook for each challenge individually and send
> information from acme-client via environment variables, which are
> checked against a restrictive alphabet. This makes dropping privileges
> easier and passing random crap from the internet harder.
>
> Privileges can now be dropped with this idiom:
>
> [ `/usr/bin/who -m |cut -d ' ' -f 1` == 'nobody' ] ||
> exec /usr/bin/su -s /bin/sh nobody -s "$@" <"$0"
Wow. Just wow. No way. That's the type of stuff people did
in 1999.
These days, we build the minimal narrow layers of communication between
things, and we don't throw a shell script in there that uses "nobody" as
a safe UID (it is not a safe UID).
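As an added example, not code from acme-client or from either poster, here are the two steps the thread argues about done inside the program in C rather than through a su shell idiom: values bound for the hook are checked against a restrictive alphabet, and privileges are dropped to a dedicated unprivileged account (not nobody) with setresgid/setresuid, followed by a check that root cannot be regained. The alphabet (base64url plus '.') and the requirement that the caller supply a dedicated account name are assumptions here, not something the thread specifies.

```c
/* Added example, not acme-client's code: the two steps the thread is
 * about, done in C instead of through a su shell idiom. Values for the
 * hook are checked against a restrictive alphabet, and privileges are
 * dropped to a dedicated unprivileged account (never "nobody"). */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed alphabet for anything handed to the hook: base64url plus '.',
 * which covers ACME tokens and key authorizations. Returns 1 only if s
 * is non-empty and every byte is allowed. */
int hook_value_ok(const char *s)
{
    const char *allowed = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                          "abcdefghijklmnopqrstuvwxyz0123456789-_.";
    if (s == NULL || *s == '\0')
        return 0;
    return strspn(s, allowed) == strlen(s);
}

/* Drop root to the dedicated account `user` (caller's choice). Returns 0
 * on success, -1 with errno set if the account is missing or a step
 * fails. Groups and gid go first, uid last: once the uid is gone the gid
 * can no longer be changed. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        errno = ENOENT;
        return -1;
    }
    if (setgroups(1, &pw->pw_gid) == -1)
        return -1;
    if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
        return -1;
    if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || geteuid() != pw->pw_uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}
```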