public inbox for nncp-devel@lists.cypherpunks.ru
Atom feed

From: John Goerzen <jgoerzen@complete•org>
To: nncp-devel@lists.cypherpunks.ru
Subject: Re: Setup on unprivileged accounts
Date: Wed, 04 Aug 2021 07:22:19 -0500	[thread overview]
Message-ID: <87k0l1wgas.fsf@complete.org> (raw)
In-Reply-To: <87lf5hx36j.fsf@complete.org>


On Tue, Aug 03 2021, John Goerzen wrote:

> 2) Perhaps I could lock down the setuid nncp-daemon and have a 
> wrapper that
> forces command-line options to a certain set.  It sure has some 
> elegance to it,
> as it avoids cron entirely (at least for exchange; may still 
> need it for
> tossing), but still makes me nervous.

A variant on that one that occurred to me: ssh authorized_keys 
with a lot of lockdowns.  I could then force the command to be run 
with only designated command-line parameters, at least.  It still 
makes me nervous (ssh!), but less do.  People could ssh to 
localhost and exchange data that way.

John

next prev parent reply	other threads:[~2021-08-04 12:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-04  4:08 Setup on unprivileged accounts John Goerzen
2021-08-04 12:22 ` John Goerzen [this message]
2021-08-04 13:50 ` Sergey Matveev
2021-08-04 18:58   ` Jonathan Lane
2021-08-05  4:23   ` John Goerzen