From 618920f01b65dfeffe76092057998808163ccb11 Mon Sep 17 00:00:00 2001
From: Jiri Popek
Date: Thu, 25 Jul 2019 13:35:11 +0200
Subject: Add option to set owner group of daemon FIFO (#122)

New option to set owner group of daemon FIFO (Default: /tmp/dlt) is added in dlt.conf. If this option is used properly, more secure tracing can be realized. Only application that is in dlt_user_apps_group can write log message to daemon FIFO.

Signed-off-by: Yusuke Sato
---
 doc/dlt.conf.5.md | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+) (limited to 'doc')

diff --git a/doc/dlt.conf.5.md b/doc/dlt.conf.5.md
index 08879b0..5142118 100644
--- a/doc/dlt.conf.5.md
+++ b/doc/dlt.conf.5.md
@@ -135,6 +135,50 @@ Read gateway configuration from another location Default: /etc/dlt_gateway.conf +# Permission configuration + +DLT daemon runs with e.g. + User: genivi_dlt + Group: genivi_dlt + +DLT user applications run with different user and group than dlt-daemon but with supplimentory group: dlt_user_apps_group + +/dlt FIFO will be created by dlt-daemon with + User: genivi_dlt + Group: dlt_user_apps_group + Permission: 620 + +so that only dlt-daemon can read and only processes in dlt_user_apps_group can write. + +/dltpipes will be created by dlt-daemon with + User: genivi_dlt + Group: genivi_dlt + Permission: 3733 (i.e Sticky bit and SGID turned on) + +/dltpipes/dlt FIFO will be created by dlt application (user lib) with + User: + Group: genivi_dlt (inherited from dltpipes/ due to SGID) + Permission: 620 + +Thus DLT user applications (and also or attackers) can create the dlt FIFO +(for communication from dlt-daemon to DLT user application) under /dltpipes/. Since sticky bit is set the applications who creates the FIFO can only rename/delete it. + +Since SGID of /dltpipes is set the group of dlt FIFO will be genivi_dlt which enables dlt daemon to have write permission on all the dlt FIFO. + +One dlt user application cannot access dlt FIFO created by other dlt user application(if they run with different user). + +Owner group of daemon FIFO directory(Default: /tmp/dlt) (If not set, primary group of dlt-daemon process is used). +Application should have write permission to this group for tracing into dlt. For this opton to work, dlt-daemon should have this group in it's supplementary group. 
+ +## DaemonFifoGroup + +Owner group of daemon FIFO directory +(If not set, primary group of dlt-daemon process is used) +Application should have write permission to this group for tracing into dlt +For this opton to work, dlt-daemon should have this group in it's Supplementary group + + Default: group of dlt-daemon process (/tmp/dlt) + # CONTROL APPLICATION OPTIONS ## ControlSocketPath -- cgit v1.2.1
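Review bot: The new "## DaemonFifoGroup" entry calls the option the "Owner group of daemon FIFO directory", but the commit subject and the "Permission configuration" section both describe the group of the daemon FIFO itself (the /dlt FIFO with group dlt_user_apps_group and permission 620). The entry should say "daemon FIFO" and state that setting DaemonFifoGroup to dlt_user_apps_group is what produces the layout described above it. The last paragraph of "Permission configuration" repeats the option description almost word for word and can be dropped in favour of the entry. The line "Default: group of dlt-daemon process (/tmp/dlt)" mixes the default group with the default FIFO path; these should be stated separately. In the /dltpipes/dlt block the "User:" value is empty, and "(and also or attackers)" needs rewording; since permission 3733 gives write and search access to everyone, the text should say plainly that any local user can create a FIFO under /dltpipes and that only the sticky bit and per-user ownership separate applications from each other. Typos to fix: "supplimentory", "opton" (twice), "it's" for "its", "i.e" for "i.e.".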