Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider starting node with root privileges #2324

Open
mrcnski opened this issue Nov 14, 2023 · 1 comment
Open

Consider starting node with root privileges #2324

mrcnski opened this issue Nov 14, 2023 · 1 comment
Labels
T0-node This PR/Issue is related to the topic “node”.

Comments

@mrcnski
Copy link
Contributor

mrcnski commented Nov 14, 2023

I mean, doing that like most privileged UNIX daemons do. Starting up as root (or with suid bit), doing things requiring root (open privileged ports, subscribe to audit events, etc.), and then doing setuid() to drop privileges to the regular user level.

Originally posted by @s0me0ne-unkn0wn in #1685 (comment)
@mrcnski mrcnski added the T0-node This PR/Issue is related to the topic “node”. label Nov 14, 2023
@mrcnski mrcnski mentioned this issue Nov 14, 2023
Merged
@burdges
Copy link

burdges commented Nov 14, 2023

Afaik you could've a different setuid binary, which drops privileges before substrate runs.

@mrcnski mrcnski mentioned this issue Nov 26, 2023
Closed
@mrcnski mrcnski mentioned this issue Dec 29, 2023
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T0-node This PR/Issue is related to the topic “node”.
Projects
parachains team board
Status: No status
PVF Security Hardening
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@burdges @mrcnski