search

cormander / tpe-lkm

Trusted Path Execution (TPE) Linux Kernel Module
Other
157 stars 55 forks source link

Feature request - multiple values for trusted_gid #10

Closed NuxRo closed 8 years ago

NuxRo commented 10 years ago

Seems like the main dev is on a roll, so trying to take advantage and requesting a feature. :-)

Can we haz multiple values for trusted_gid or admin_gid? Sometimes I want to exclude from tpe certain scripts owned by e.g. CPanel via different gids, I'm sure there would be other practical use cases.

cormander commented 10 years ago

I don't understand this use case. Could you be more specific?

What's the problem with creating a "tpe" group and adding the various cPanel users to that group?

Or in the case of admin gid - why can't you chgrp those scripts?

One thing I've implemented (but haven't pushed up yet) is "trusted_invert" which makes the trusted gid the only group in which tpe is enforced. Would doing that, and adding all system users that aren't cPanel system users to the group work instead?

NuxRo commented 10 years ago

Hi, can't remember right now why I was not able to use the group trick. Chgrp would not help as cpanel self-updates and the files get overwritten. Feel free to ignore this and I'll try to test on an actual cpanel box next week.

cormander commented 10 years ago

@NuxRo; Any follow up here?

NuxRo commented 10 years ago

Sorry, not as yet. Feel free to ignore this for the time being.

cormander commented 7 years ago

The addition of the xattr support for soften flags should help with misbehaving apps of different gids.

NuxRo commented 7 years ago

Thanks Cory, I'll look this up next time I put tpe on cpanel.