22 Dec
2021
22 Dec
'21
10:50 p.m.
Pydecnet runs as a non-privileged user here, mainly because it connects to Ethernet via
tap devices whose interface ends are ?owned? by that non-privileged user. The non-Ethernet
circuits are over TCp or UDP ports not restricted to root-only.
K
On 22 Dec 2021, at 21:46, Mark J. Blair <nf6x at
nf6x.net> wrote:
?
On Dec 22, 2021, at 1:40 PM, Robert Armstrong
<bob at jfcl.com> wrote:
Please give us (pyDECnet users) a way to disable it - pyDECnet runs as
root and I'm not really comfortable having it become a program that can
remotely read or write files on my system.
Agreed! It seems like something that should be an optionally-enabled feature, and
something that can't serve anything outside of a specified directory tree (security
bugs notwithstanding). Write-only and read-only directories would be helpful, though that
may come for free just by using host filesystem permissions.
Hmm, I do have pyDECnet running as root here at home. I'll look into changing that.
ISTR that I set it up to run under a non-root account at work, but it'll be 2022
before I can easily verify that.
--
Mark J. Blair, NF6X <nf6x at nf6x.net>
https://www.nf6x.net/