[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Privilege dropping for rtadvd
Le 27/06/2013 22:36, christos%zoulas.com@localhost a écrit :
On Jun 27, 1:20pm, tls%panix.com@localhost (Thor Lancelot Simon) wrote:
-- Subject: Re: Privilege dropping for rtadvd
| On Thu, Jun 27, 2013 at 03:01:18PM +0000, Christos Zoulas wrote:
| > The problem is that after you drop privs you cannot start
| > to new interfaces that might appear, but the daemon does not do
| > this now, right?
| Another alternative might be to adjust our system security policy
| that the system could be configured for a non-root user to do these
| things. This is actually pretty easy to do with kauth, but
| out a clean userland interface to it is harder.
| The clockctl device is the obvious prior art, though.
We could start implementing a capabilities system, stored in the
and process like linux has. That would eliminate most setuid
That requires extended attributes support, no?
Main Index |
Thread Index |