Re^3: Clues on writing a secure daemon


Clear questions and runnable code get the best and fastest answer
	PerlMonks

Re^3: Clues on writing a secure daemon

by roju (Friar)

on Oct 16, 2004 at 21:20 UTC ( #399823=note: print w/replies, xml )

Need Help??

in reply to Re^2: Clues on writing a secure daemon
in thread Clues on writing a secure daemon

You don't need to run the listener as root.

On startup, you open a pipe. You then fork. Process A drops privs to a junk user like nobody. Process B stays as root and blocks reading the pipe. Process A then listens on the network and performs any work, and then just passes a simple message onto B. B double-checks its input, and if it's good, forks a process as the requested user.

The openssh have a good writeup, they call it Privilege Separation.

Comment on Re^3: Clues on writing a secure daemon

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://399823]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others pondering the Monastery: (7)

As of 2023-12-06 18:04 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

Notices^?