[radvd-devel-l] radvd not starting with different logmethod than default

Reuben Hawkins reubenhwk at gmail.com
Mon Jan 2 11:19:05 EST 2012


On Mon, Jan 2, 2012 at 7:06 AM, Pekka Savola <pekkas at netcore.fi> wrote:
> On Mon, 2 Jan 2012, Reuben Hawkins wrote:
>>>
>>> This looks like a bug in privsep.  I'm not sure what's causing it.
>>> I'll take a look over the next week or so.
>>
>>
>> One thing I've considered doing for a while is to always do privsep.
>> This would make testing simpler.  Does anybody know any reason why
>> radvd should not privsep always?
>
>
> One thing, at least, is that you have to choose the username you're going to
> privsep to. In some systems it might also require populating some directory
> with appropriate permissions. Currently the privsep user is user-defined. I
> guess you could assume nobody (I suppose it exists on all systems) unless
> specified..

I'm not convinced that's accurate.  In the code privsep_init and
drop_root_privileges appear to be completely independent, although the
intent is for them to be used together (from what I gather).

Without dropping root privileges, we can still call privsep_init, fork
a new process, communicate over a pipe, call into privsep_interface_*,
etc.  Can you verify privsep and drop_root_priv are independent?

Since that's a lot of fairly simple code, it makes sense to just
enable it all the time for simpler and more complete testing.

>
> --
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> --
> radvd-devel-l mailing list  :  radvd-devel-l at litech.org
> http://lists.litech.org/listinfo/radvd-devel-l
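
The pattern discussed in the message above, as an added example that is not part of the original post and is not radvd code: a helper is forked and served over a pipe, while dropping privileges is a separate call that the pipe round trip never depends on. Every demo_* name and the one-integer request format are hypothetical.

```c
/* Added illustration, not radvd source: every demo_* name is hypothetical. */
#include <grp.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int req_fd = -1, rep_fd = -1;   /* parent's ends of the two pipes */
static pid_t helper = -1;

/* Fork a helper that answers requests on a pipe; no uid change is involved. */
int demo_privsep_init(void) {
    int req[2], rep[2];
    if (pipe(req) < 0 || pipe(rep) < 0) return -1;
    if ((helper = fork()) < 0) return -1;
    if (helper == 0) {                  /* helper keeps its original privileges */
        int32_t val, status;
        close(req[1]); close(rep[0]);
        while (read(req[0], &val, sizeof val) == (ssize_t)sizeof val) {
            /* validate first; a real helper would do the privileged write here */
            status = (val >= 0 && val <= 255) ? 0 : -1;
            if (write(rep[1], &status, sizeof status) != (ssize_t)sizeof status) break;
        }
        _exit(0);                       /* EOF on the request pipe: parent is done */
    }
    close(req[0]); close(rep[1]);
    req_fd = req[1]; rep_fd = rep[0];
    return 0;
}

/* Send one constructed request (a value 0..255) and return the helper's status. */
int demo_privsep_set(int32_t val) {
    int32_t status = -1;
    if (write(req_fd, &val, sizeof val) != (ssize_t)sizeof val) return -1;
    if (read(rep_fd, &status, sizeof status) != (ssize_t)sizeof status) return -1;
    return status;
}

/* Separate step: changes only the caller's ids and never touches the pipes. */
int demo_drop_root(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    return 0;
}

/* Close the request pipe so the helper sees EOF, then reap it. */
int demo_privsep_shutdown(void) {
    int st;
    close(req_fd); close(rep_fd);
    if (waitpid(helper, &st, 0) < 0) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}
```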
