tech-userlevel archive
Re: [RFC] inetd(8) changes proposal
On 23-05-31 12:43, tlaronde%polynum.com@localhost wrote:
| And I think you're right: the info will go in a 0400 file in /tmp, and
| will be a way to obtain various running infos---but for now, just the
| running config (it could perhaps be extended, but not now, to add
| stats, what is masked by a secmodel etc.)
I don't think the data should be written to /tmp; it's world writable,
the service often runs as root, and avoiding TOCTOU security problems is
error prone.
If you want to write the validated configuration to a file, one of:

1. Compiled-in default to an inetd-specific path that has
   restricted write access (e.g., a /var/*)
2. Provide CLI option and/or configuration option for the path,
   although the config option may cause circular issues when you're
   trying to parse the configuration to learn where to write the
   configuration.
Luke.
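
Added example, not part of the original message and not inetd's own code: one way a daemon can write a 0400 dump into a restricted directory without a check-then-use gap. The function names, directory and file name are hypothetical, and the directory is assumed to be owned by the daemon's effective uid.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open dir; accept it only if we own it and no one else can write to it. */
static int open_private_dir(const char *dir)
{
    struct stat st;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);

    if (dfd == -1)
        return -1;
    /* fstat() the descriptor, not the path: the check and every later
     * use then refer to the same directory object. */
    if (fstat(dfd, &st) == -1 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(dfd);
        errno = EPERM;
        return -1;
    }
    return dfd;
}

/* Hypothetical helper: write buf to dir/name (mode 0400), replacing atomically. */
int dump_config(const char *dir, const char *name, const char *buf, size_t len)
{
    char tmp[256];
    int dfd, fd, ok;

    if (snprintf(tmp, sizeof(tmp), ".%s.%ld", name, (long)getpid()) >= (int)sizeof(tmp))
        return -1;
    if ((dfd = open_private_dir(dir)) == -1)
        return -1;
    /* O_EXCL refuses any pre-existing entry, including a planted symlink. */
    fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0400);
    if (fd == -1) {
        close(dfd);
        return -1;
    }
    ok = write(fd, buf, len) == (ssize_t)len && fsync(fd) == 0;
    close(fd);
    if (ok) /* rename within the same directory fd: readers never see a partial file */
        ok = renameat(dfd, tmp, dfd, name) == 0;
    if (!ok)
        unlinkat(dfd, tmp, 0);
    close(dfd);
    return ok ? 0 : -1;
}
```

The permission check covers only the target directory itself; its parent directories are assumed to be equally restricted.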