Re: Privilege dropping for rtadvd

To: <christos%zoulas.com@localhost>
Subject: Re: Privilege dropping for rtadvd
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Mon, 01 Jul 2013 11:49:41 +0200

Le 27/06/2013 22:36, christos%zoulas.com@localhost a écrit :

On Jun 27,  1:20pm, tls%panix.com@localhost (Thor Lancelot Simon) wrote:
-- Subject: Re: Privilege dropping for rtadvd

| On Thu, Jun 27, 2013 at 03:01:18PM +0000, Christos Zoulas wrote:
| >
| > The problem is that after you drop privs you cannot startlistening
| > to new interfaces that might appear, but the daemon does not do
| > this now, right?
|
| Another alternative might be to adjust our system security policyso
| that the system could be configured for a non-root user to do these
| things. This is actually pretty easy to do with kauth, butfiguring
| out a clean userland interface to it is harder.
|
| The clockctl device is the obvious prior art, though.
We could start implementing a capabilities system, stored in thefilesystemand process like linux has. That would eliminate most setuidprograms.


That requires extended attributes support, no?

--
Jean-Yves Migeon

Follow-Ups:
- Re: Privilege dropping for rtadvd
  - From: Christos Zoulas

References:
- Re: Privilege dropping for rtadvd
  - From: Christos Zoulas

Prev by Date: Re: Privilege dropping for rtadvd
Next by Date: Re: Privilege dropping for rtadvd
Previous by Thread: Re: Privilege dropping for rtadvd
Next by Thread: Re: Privilege dropping for rtadvd
Indexes:

Home | Main Index | Thread Index | Old Index