mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
pid1: warn if people use User=nobody (#16293)
parent
7143b95552
commit
bed0b7dfc0
4
TODO
4
TODO
@ -30,10 +30,6 @@ Features:
|
||||
|
||||
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
|
||||
|
||||
* warn if User=nobody is used in a unit file. It's the overflow UID after all,
|
||||
and the service might thus get access to files it really should not get
|
||||
access to on NFS and userns environments.
|
||||
|
||||
* build short web pages out of each catalog entry, build them along with man
|
||||
pages, and include hyperlinks to them in the journal output
|
||||
|
||||
|
@ -464,3 +464,23 @@ system shutdown.
|
||||
It is generally recommended to avoid such overly long mount point paths, or —
|
||||
if used anyway – manage them independently of systemd, i.e. establish them as
|
||||
well as tear them down automatically at system shutdown by other software.
|
||||
|
||||
-- b480325f9c394a7b802c231e51a2752c
|
||||
Subject: Special user @OFFENDING_USER@ configured, this is not safe!
|
||||
Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
Documentation: https://systemd.io/UIDS-GIDS
|
||||
|
||||
The unit @UNIT@ is configured to use User=@OFFENDING_USER@.
|
||||
|
||||
This is not safe. The @OFFENDING_USER@ user's main purpose on Linux-based
|
||||
operating systems is to be the owner of files that otherwise cannot be mapped
|
||||
to any local user. It's used by the NFS client and Linux user namespacing,
|
||||
among others. By running a unit's processes under the identity of this user
|
||||
they might possibly get read and even write access to such files that cannot
|
||||
otherwise be mapped.
|
||||
|
||||
It is strongly recommended to avoid running services under this user identity,
|
||||
in particular on systems using NFS or running containers. Allocate a user ID
|
||||
specific to this service, either statically via systemd-sysusers or dynamically
|
||||
via the DynamicUser= service setting.
|
||||
|
@ -13,6 +13,8 @@
|
||||
#include <sched.h>
|
||||
#include <sys/resource.h>
|
||||
|
||||
#include "sd-messages.h"
|
||||
|
||||
#include "af-list.h"
|
||||
#include "alloc-util.h"
|
||||
#include "all-units.h"
|
||||
@ -2287,6 +2289,15 @@ int config_parse_user_group_compat(
|
||||
return -ENOEXEC;
|
||||
}
|
||||
|
||||
if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
|
||||
log_struct(LOG_NOTICE,
|
||||
"MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
|
||||
"UNIT=%s", unit,
|
||||
"MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
|
||||
"OFFENDING_USER=%s", k,
|
||||
"CONFIG_FILE=%s", filename,
|
||||
"CONFIG_LINE=%u", line);
|
||||
|
||||
return free_and_replace(*user, k);
|
||||
}
|
||||
|
||||
|
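Review bot: The new check in config_parse_user_group_compat() matches only the literal account name, `streq(k, NOBODY_USER_NAME)`, so a unit that refers to the same account by its numeric ID would reach `free_and_replace(*user, k)` without the notice. That depends on the validation earlier in this function accepting numeric IDs, which is outside the hunk, but the risk the catalog entry describes is tied to the overflow UID, not to its name. Consider also matching the numeric form, e.g. `uid_t uid;` and `streq(k, NOBODY_USER_NAME) || (parse_uid(k, &uid) >= 0 && uid == UID_NOBODY)`, provided those helpers are in scope in this file. The `strstr(lvalue, "User")` guard also leaves the group settings handled by this parser unchecked, so the overflow group is accepted silently. A one-line comment such as `/* substring match on purpose: covers every *User= setting routed through this parser; Group= is intentionally not checked */` would record whether that is deliberate.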
@ -166,6 +166,10 @@ _SD_BEGIN_DECLARATIONS;
|
||||
#define SD_MESSAGE_MOUNT_POINT_PATH_NOT_SUITABLE_STR \
|
||||
SD_ID128_MAKE_STR(1b,3b,b9,40,37,f0,4b,bf,81,02,8e,13,5a,12,d2,93)
|
||||
|
||||
#define SD_MESSAGE_NOBODY_USER_UNSUITABLE SD_ID128_MAKE(b4,80,32,5f,9c,39,4a,7b,80,2c,23,1e,51,a2,75,2c)
|
||||
#define SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR \
|
||||
SD_ID128_MAKE_STR(b4,80,32,5f,9c,39,4a,7b,80,2c,23,1e,51,a2,75,2c)
|
||||
|
||||
_SD_END_DECLARATIONS;
|
||||
|
||||
#endif
|
||||
|