tech-net archive


Re: Privilege dropping for rtadvd



On Thu, Jun 27, 2013 at 04:30:22PM +0100, Roy Marples wrote:
> On 27/06/2013 16:01, christos%astron.com@localhost wrote:
> >In article <20130627114300.GA20412%mx.elandsys.com@localhost>,
> > <logan%elandsys.com@localhost> wrote:
> >>Hi,
> >>
> >>I'm not sure if people might agree with this, but I'm interested
> >>in having a dedicated user for rtadvd after it's done acquiring
> >>the socket.
> >>
> >>OpenBSD already does that:
> >>http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/rtadvd/rtadvd.c.diff?r1=1.35;r2=1.36
> 
> I don't see any reason why not.
> I don't mind spending some time on this :)

Well, I've already started working on a diff. Would you be interested
in reviewing it :-) ?

> 
> >
> >The problem is that after you drop privs you cannot start listening
> >to new interfaces that might appear, but the daemon does not do
> >this now, right?
> 
> Sure it can because for IPv6 we just open a single socket not bound
> for any specific interface.
> We check for a valid interface though as we set IPV6_RECVPKTINFO on it.
> Or should, I've not tested it though.
> 
> Thanks
> 
> Roy

