Re: Reverse of promoting to root: downgrade root to unprivileged

[RVP <rvp%SDF.ORG@localhost>]

On Tue, 30 Jan 2024, tlaronde%kergis.com@localhost wrote:

> That something can be written is sure. But I wondered if there was
> some attempt of some library (in whatever language) or some utility
> that will "fence" a root user, and will, allow, without modifying
> existing (say, as an example, using pkgsrc compilation and
> installation procedure), to downgrade root for running and, when
> hitting the fence (trying to transgress the rights), will consult a
> list of commands---may be script lines: "make install"---and then
> respawn the part with updated rights if the commands were listed.

Checking for EPERM or EACCESS in a user program (I'm thinking of dtrace
here) or in an intercepting library and then becoming root and retrying
would be pretty hairy in userspace. Simpler to make use of the kernel-
provided features:

1. If you only want to write things as root whilst running as a user,
   you can use mount_umap(8). But, this 1-to-1 remapping won't work
   for pkgsrc, I think, where the installed files can have arbitrary users.

2. Extend secmodel_extensions(9) slightly so that you can do something
   like:

```
#	rvp & xyz are to be elevated.
% sysctl -w security.models.extensions.pantheon.uids=$(id -u rvp),$(id -u xyz)

# 	Go!
% sysctl -w security.models.extensions.pantheon.enable=1

#	Kick them out after 1 hour.
% { sleep 3600; sysctl -w security.models.extensions.pantheon.enable=0; } &
% cd /usr/pkgsrc/some/pkg && make install
```

> The question arises when I asked (wanting to write something for my
> own): OK, but _what_ unprivileged user exists that I can safely "su"
> to and accomplish the unprivileged part as? "nobody" does not seem the
> answer; "operator" neither. This opened a can of worm-questions ;-)

I have a `bld' user for this.

-RVP