Replace trampoline with a root daemon
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
IVLE | Triaged | Medium | Unassigned | |
Bug Description
trampoline is currently a fairly good security risk. Anything running as
the web server can use it to sudo to lots of users, and anything run by it
remains intimately tied to the web server. Its daemon mode can't be watched
either, as the parent (an Apache thread) dies quickly. It also requires an
awful lot of command-line arguments and breaks when configuration changes.
I suspect we would be better off replacing it with a Python daemon that
runs as root. It listens on a local filesystem socket for connections from
the web server, and can be told to perform all of the actions that we use
trampoline for now. When starting a Python console, it can observe it and
make sure it doesn't behave badly. It can also manage mounting, unmounting
and rebuilding of jails.
tags: added: trampoline
Changed in ivle: assignee: William Grant (wgrant) → nobody
It can also do creation of jails if necessary, for uses like issue 85.
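
The request channel proposed in the bug description, written out as an added example (not IVLE code): a daemon on a local filesystem socket that checks the connecting process's uid with Linux `SO_PEERCRED` and accepts only a fixed set of actions. The action names, the JSON request format, the user name pattern and the `serve` parameters are assumptions made for illustration.

```python
import json
import os
import re
import socket
import struct

# Hypothetical action names; the report only says what the daemon should cover.
ALLOWED_ACTIONS = {"start_console", "mount_jail", "unmount_jail", "rebuild_jail"}
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")  # assumed login format


def peer_uid(conn):
    """Return the uid of the process on the other end (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]  # fields are (pid, uid, gid)


def handle(conn, web_uid):
    """Read one JSON request line and return the reply dict."""
    if peer_uid(conn) != web_uid:
        return {"ok": False, "error": "peer is not the web server user"}
    try:
        req = json.loads(conn.makefile("r").readline(4096))
        action, user = req["action"], req["user"]
    except (ValueError, KeyError, TypeError):
        return {"ok": False, "error": "malformed request"}
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        return {"ok": False, "error": "unknown action"}
    if not isinstance(user, str) or not USERNAME_RE.match(user):
        return {"ok": False, "error": "bad user name"}
    # A real daemon would dispatch to the privileged operation here.
    return {"ok": True, "action": action, "user": user}


def serve(path, web_uid, web_gid):
    """Accept loop; the socket file is reachable only by root and web_gid."""
    if os.path.exists(path):
        os.unlink(path)  # clear a stale socket left by a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o117)  # socket file is created with mode 0660
    srv.bind(path)
    os.umask(old)
    os.chown(path, 0, web_gid)
    srv.listen(8)
    while True:
        conn, _ = srv.accept()
        with conn:
            conn.sendall((json.dumps(handle(conn, web_uid)) + "\n").encode())
```

The file mode limits who can connect at all, and the peer uid check still applies to anything that does, so the request payload is never what establishes the caller's identity.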