Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re^3: Clues on writing a secure daemon

by roju (Friar)
on Oct 16, 2004 at 21:20 UTC ( #399823=note: print w/replies, xml ) Need Help??

in reply to Re^2: Clues on writing a secure daemon
in thread Clues on writing a secure daemon

You don't need to run the listener as root.

On startup, you open a pipe. You then fork. Process A drops privs to a junk user like nobody. Process B stays as root and blocks reading the pipe. Process A then listens on the network and performs any work, and then just passes a simple message onto B. B double-checks its input, and if it's good, forks a process as the requested user.

The openssh have a good writeup, they call it Privilege Separation.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://399823]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others pondering the Monastery: (7)
As of 2023-12-06 18:04 GMT
Find Nodes?
    Voting Booth?
    What's your preferred 'use VERSION' for new CPAN modules in 2023?

    Results (31 votes). Check out past polls.