[radvd-devel-l] radvd not starting with different logmethod than default

Reuben Hawkins reubenhwk at gmail.com
Mon Jan 2 11:19:05 EST 2012

On Mon, Jan 2, 2012 at 7:06 AM, Pekka Savola <pekkas at netcore.fi> wrote:
> On Mon, 2 Jan 2012, Reuben Hawkins wrote:
>>> This looks like a bug in privsep.  I'm not sure what's causing it.
>>> I'll take a look over the next week or so.
>> One thing I've considered doing for a while is to always to privsep.
>> This would make testing simpler.  Does anybody know any reason why
>> radvd should not privsep always?
> One thing, at least, is that you have to choose the username you're going to
> privsep to. In some systems it might also require populating some directory
> with appropriate permissions. Currently the privsep user is user-defined. I
> guess you could assume nobody (I suppose it exists on all systems) unless
> specified..

I'm not convinced that's accurate.  In the code privsep_init and
drop_root_privileges appear to be completely independent, although the
intent is for them to be used together (from what I gather).

Without dropping root privileges, we can still call privsep_init, fork
a new process, communicate over a pipe, call into privsep_interface_*,
etc.  Can you verify privsep and drop_root_priv are independent?

Since that's a lot of fairly simple code, it makes since to just
enable it all the time for simpler and more complete testing.

> --
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> --
> radvd-devel-l mailing list  :  radvd-devel-l at litech.org
> http://lists.litech.org/listinfo/radvd-devel-l

More information about the radvd-devel-l mailing list