
From: Otto Moerbeek <otto@drijf.net>
Subject: Re: lack of privsep in acme-client(1) - thoughts?
To: Janne Johansson <icepic.dz@gmail.com>
Cc: Lloyd <ng2d68@proton.me>, tech <tech@openbsd.org>
Date: Tue, 16 Dec 2025 09:52:14 +0100

On Tue, Dec 16, 2025 at 08:44:11AM +0100, Janne Johansson wrote:

> Did you read https://kristaps.bsd.lv/acme-client/ to see how the
> different parts are protected and use whatever privs they need and
> nothing more?

Obviously not, assuming looking at a single line of code is enough to
judge the security characteristics of a program.

 -Otto

> 
> > One of my biggest issues with acme-client(1) - which does string parsing
> > of untrusted input from the network - is shown below:
> >
> > if (getuid() != 0)
> >         errx(EXIT_FAILURE, "must be run as root");
> >
> > AFAIK there is no justified need to run acme-client child processes as
> > root, and it could fare better with a dedicated user and some tidying up
> > of file locations.
> 
> 
> -- 
> May the most significant bit of your life be positive.
>
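As an added example (not code from acme-client, from the linked page, or from anyone in this thread) of the separation Lloyd's quoted text argues for: a helper that moves a child process from root to a dedicated unprivileged account before it touches network input, and then verifies that the drop actually took. The account name `_acme` is an assumption for the example, and setresuid()/setresgid() are used so it builds on both OpenBSD and Linux.

```c
#define _GNU_SOURCE          /* setresuid()/setresgid() on Linux; native on OpenBSD */
#include <sys/types.h>
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Drop from root to a dedicated unprivileged uid/gid, then verify the drop.
 * Returns 0 on success, -1 on failure with errno set.
 */
int
drop_privileges(uid_t uid, gid_t gid)
{
	/* Refuse to "drop" to root: that would defeat the purpose. */
	if (uid == 0 || gid == 0) {
		errno = EINVAL;
		return -1;
	}
	/* Order matters: groups and gid first, because once the uid is no
	 * longer root we lose the right to change them. */
	if (setgroups(1, &gid) == -1 ||
	    setresgid(gid, gid, gid) == -1 ||
	    setresuid(uid, uid, uid) == -1)
		return -1;
	/* Verify every id actually changed and that root cannot be regained. */
	if (getuid() != uid || geteuid() != uid ||
	    getgid() != gid || getegid() != gid || setuid(0) != -1) {
		errno = EPERM;
		return -1;
	}
	return 0;
}

int
main(void)
{
	/* "_acme" is a hypothetical dedicated account used only for this example. */
	struct passwd *pw = getpwnam("_acme");
	if (pw == NULL)
		errx(1, "no such user: _acme");
	if (drop_privileges(pw->pw_uid, pw->pw_gid) == -1)
		err(1, "drop_privileges");
	printf("now running as uid %u; only now parse untrusted network input\n",
	    (unsigned)getuid());
	return 0;
}
```

Run it as root with the dedicated account present; the child would do its network parsing only after drop_privileges() returns 0, while the parent keeps the file-writing work it needs root for.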