guix-devel

Re: Providing an alternative to setuid in GuixSD


From: sbaugh
Subject: Re: Providing an alternative to setuid in GuixSD
Date: Wed, 26 Oct 2016 14:34:49 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Christopher Allan Webber <address@hidden> writes:
> So, you're running psudo, and this thing maybe accepts connections over
> something more secure, *maybe* unix domain sockets... so restrict group
> access to the socket to users in the "psudo" group.
>
> From there, maybe it could require PAM authentication while entering the
> root password, or something.
>
> It feels hard to know how psudo could "know" what user is accessing the
> socket... I don't think that information is made available, right?
> Maybe I'm wrong!  I guess postgres and etc do similar things?

On Linux, there is SCM_CREDENTIALS (and similar stuff on BSDs). From
Linux unix(7):

SCM_CREDENTIALS
Send or receive UNIX credentials.  This can be used for authentication.
The credentials are passed as a struct ucred ancillary message.  This
structure is defined in <sys/socket.h> as follows:

           struct ucred {
               pid_t pid;    /* process ID of the sending process */
               uid_t uid;    /* user ID of the sending process */
               gid_t gid;    /* group ID of the sending process */
           };

Moreover there is the Polkit (ne PolicyKit) framework for this kind of
stuff, which could provide a more high-level interface if we chose to
use it. (GNOME uses it as does systemd)

(Note that there is already pkexec (bundled with Polkit) which provides
a sudo replacement with authentication and policy through Polkit. But
it's setuid for some reason. I haven't investigated why...)
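
The SCM_CREDENTIALS mechanism described in the message above, as an added example that is not part of the original post or of any Guix code: the receiving side enables SO_PASSCRED, reads the kernel-filled struct ucred, and resolves the verified uid to its groups for a group-based policy. The function names, the "ping" request and the socketpair standing in for the daemon's socket are assumptions made for illustration (Linux only).

```python
import os
import pwd
import socket
import struct

UCRED = struct.Struct("iII")  # struct ucred: pid_t pid, uid_t uid, gid_t gid

def recv_with_creds(sock, bufsize=4096):
    """Return (data, (pid, uid, gid)); the credentials are filled in by the kernel."""
    data, ancdata, flags, _ = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        raise PermissionError("ancillary data truncated")
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    raise PermissionError("message carried no credentials")

def sender_groups(uid, gid):
    """All groups of the verified uid; struct ucred itself carries a single gid."""
    try:
        return set(os.getgrouplist(pwd.getpwuid(uid).pw_name, gid))
    except KeyError:  # uid has no passwd entry: fall back to the gid received
        return {gid}

def is_authorized(uid, gid, allowed_gid):
    """Hypothetical policy: the sender must belong to one designated group."""
    return allowed_gid in sender_groups(uid, gid)

def demo():
    """Constructed exchange; both ends live in this process for the demo."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        # Enable on the receiving socket before the peer sends, so the
        # kernel attaches the sender's credentials to the message.
        server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        client.sendall(b"ping")
        return recv_with_creds(server)

if __name__ == "__main__":
    request, (pid, uid, gid) = demo()
    print(request, pid, uid, gid, is_authorized(uid, gid, gid))
```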



