lack of privsep in acme-client(1) - thoughts?
Did you read https://kristaps.bsd.lv/acme-client/ to see how the different parts are protected and use whatever privs they need and nothing more?

> One of my biggest issues with acme-client(1) - which does string parsing
> of untrusted input from the network - is shown below:
>
>     if (getuid() != 0)
>         errx(EXIT_FAILURE, "must be run as root");
>
> AFAIK there is no justified need to run acme-client child processes as
> root, and it could fare better with a dedicated user and some tidying up
> of file locations.

--
May the most significant bit of your life be positive.