-
-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
QRexec services should be able to specify the user they must run as #6354
Closed
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Milestone
Comments
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
May 28, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jul 2, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Aug 3, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Aug 4, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. I also did a significant amount of refactoring and hardened the code against bogus input. These changes are not security fixes because the input comes from dom0, which is trusted. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Aug 4, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. I also did a significant amount of refactoring and hardened the code against bogus input. These changes are not security fixes because the input comes from dom0, which is trusted. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Aug 7, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Sep 15, 2023
This also dramatically improves the configuration parser. Configuration files now use a strict subset of TOML rather than an ad-hoc format with no validation. Fixes: QubesOS/qubes-issues#6354 Fixes: QubesOS/qubes-issues#8153
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Sep 19, 2023
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Sep 19, 2023
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Sep 19, 2023
ben-grande
added a commit
to ben-grande/vim-qrexec
that referenced
this issue
Apr 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
The problem you're addressing (if any)
qrexec services should be able to specify the user they should run as.
qubes.VMRootShell
should always specifyroot
, for example.Describe the solution you'd like
Add a service configuration option to specify the user the service will run as.
Where is the value to a user, and who might that user be?
This will make service writing less error-prone.
Describe alternatives you've considered
None
Additional context
#6229 (comment)
Relevant documentation you've consulted
Related, non-duplicate issues
#6229
The text was updated successfully, but these errors were encountered: