Re: Privilege dropping for rtadvd

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: Privilege dropping for rtadvd
From: logan%elandsys.com@localhost
Date: Thu, 27 Jun 2013 10:32:23 -0700

On Thu, Jun 27, 2013 at 01:20:08PM -0400, Thor Lancelot Simon wrote:
> On Thu, Jun 27, 2013 at 03:01:18PM +0000, Christos Zoulas wrote:
> > 
> > The problem is that after you drop privs you cannot start listening
> > to new interfaces that might appear, but the daemon does not do
> > this now, right?
> 
> Another alternative might be to adjust our system security policy so
> that the system could be configured for a non-root user to do these
> things.  This is actually pretty easy to do with kauth, but figuring
> out a clean userland interface to it is harder.
> 
> The clockctl device is the obvious prior art, though.

I'd be more interested in porting capsicum, but that's wishful
thinking at this point :-)


> 
> Thor

Follow-Ups:
- Re: Privilege dropping for rtadvd
  - From: Lars Schotte

References:
- Privilege dropping for rtadvd
  - From: logan
- Re: Privilege dropping for rtadvd
  - From: Christos Zoulas
- Re: Privilege dropping for rtadvd
  - From: Thor Lancelot Simon

Prev by Date: Re: Privilege dropping for rtadvd
Next by Date: Re: Privilege dropping for rtadvd
Previous by Thread: Re: Privilege dropping for rtadvd
Next by Thread: Re: Privilege dropping for rtadvd
Indexes:

Home | Main Index | Thread Index | Old Index