tech-net archive


Re: Privilege dropping for rtadvd



On 07/07/13 01:55, Lars Schotte wrote:
> On Sat, 06 Jul 2013 23:47:46 +0200 Jean-Yves Migeon
> <jeanyves.migeon%free.fr@localhost> wrote:
>
>> If they upgrade the system but forget passwd/group, hmm, they are
>> shooting themselves in the foot; it is part of the
>> postinstall/etcupdate dance. IMHO the checks in the code are not
>> really worth it.
>
> why? either it will run with the user nobody,

The last patch I saw was clearly checking for the presence of _rtadvd,
and if the getpwnam call failed, continue as usual (no setuid, no chroot).

Dropping to nobody is acceptable as failsafe; indeed not as good as having a dedicated user, but ok. You still have to log for the absence of _rtadvd though.

> or the system can check if the user exists and if not, then create
> it. like it does when you install some webserver or software like
> that, so i do not see any problem in that
> matter.

Bad idea for a daemon; it is something more suitable for the package system rather than the daemon itself.

Cheers,

--
Jean-Yves Migeon
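
An added example, not part of this thread or of the rtadvd patch it discusses: one way to prefer _rtadvd, fall back to nobody with a logged warning, and refuse to start rather than silently stay root. The names pick_user, drop_privs and demo_lookup, the JAIL path and the refuse-to-start policy are assumptions of this sketch.

```c
#define _DEFAULT_SOURCE            /* glibc: expose chroot() and setgroups() */
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define JAIL "/var/empty"          /* assumed chroot directory */
typedef struct passwd *(*lookup_fn)(const char *);

/* Constructed stand-in for getpwnam(): a system where only "nobody" exists. */
struct passwd *demo_lookup(const char *name)
{
    static struct passwd pw = { .pw_name = "nobody", .pw_uid = 32767, .pw_gid = 39 };
    return strcmp(name, "nobody") == 0 ? &pw : NULL;
}

/* Returns 0 = dedicated user found, 1 = fell back (logged), -1 = neither exists. */
int pick_user(const char *want, const char *fallback, lookup_fn lookup,
              struct passwd *out)
{
    struct passwd *pw = lookup(want);
    int rc = 0;
    if (pw == NULL) {
        if ((pw = lookup(fallback)) == NULL)
            return -1;
        syslog(LOG_WARNING, "user %s not found, falling back to %s", want, fallback);
        rc = 1;
    }
    if (out != NULL)
        *out = *pw;                /* keep uid/gid before the next lookup call */
    return rc;
}

/* chroot while still root, groups before uid, then prove root cannot be regained. */
int drop_privs(const struct passwd *pw)
{
    if (chroot(JAIL) == -1 || chdir("/") == -1)
        return -1;
    if (setgroups(1, &pw->pw_gid) == -1 || setgid(pw->pw_gid) == -1 ||
        setuid(pw->pw_uid) == -1)
        return -1;
    return setuid(0) == -1 ? 0 : -1;   /* also rejects an account with uid 0 */
}

int main(void)
{
    struct passwd pw;
    int rc = pick_user("_rtadvd", "nobody", getpwnam, &pw);
    return (rc >= 0 && drop_privs(&pw) == 0) ? 0 : 1;  /* nonzero: refuse to start */
}
```
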

