From: Otto Moerbeek
Subject: Re: lack of privsep in acme-client(1) - thoughts?
To: Janne Johansson
Cc: Lloyd, tech
Date: Tue, 16 Dec 2025 09:52:14 +0100

On Tue, Dec 16, 2025 at 08:44:11AM +0100, Janne Johansson wrote:

> Did you read https://kristaps.bsd.lv/acme-client/ to see how the
> different parts are protected and use whatever privs they need and
> nothing more?

Obviously not, assuming looking at a single line of code is enough to
judge the security characteristics of a program.

	-Otto

>
> > One of my biggest issues with acme-client(1) - which does string parsing
> > of untrusted input from the network - is shown below:
> >
> > if (getuid() != 0)
> >         errx(EXIT_FAILURE, "must be run as root");
> >
> > AFAIK there is no justified need to run acme-client child processes as
> > root, and it could fare better with a dedicated user and some tidying up
> > of file locations.
>
>
> --
> May the most significant bit of your life be positive.
>