privileges

Daniel Berteaud daniel at firewall-services.com
Mon Feb 2 08:00:58 UTC 2009


Le samedi 31 janvier 2009 à 11:28 +0100, David Bird a écrit :
> Options for uid and gid will be in the next svn update, most likely.
> 
> David

Hey, that's really a great news.

Thanks for your work on this project.

Best Regards

> 
> On 1/13/09, Daniel Berteaud <daniel at firewall-services.com> wrote:
> > Hi.
> >
> > I use coova-chilli on some servers and I'm quite happy with it.
> >
> > But there's one *huge* security issue with it: it must runs as root.
> > I'm realy not very found of daemon listening on a public interface with
> > root privileges.
> > I understand coova daemon must start with root privileges as it has to
> > create a tun interface, configure the real one etc... but, I think it
> > should then drop the privileges to another user (just like openvpn do
> > for example).
> >
> > Additionnaly, the daemon could be chrooted in a directory.
> >
> > Is there a way to do this, or is something like this a planed feature ?
> >
> > Cheers, Daniel
> >
> > --
> > Daniel Berteaud
> > FIREWALL-SERVICES SARL.
> > Société de Services en Logiciels Libres
> > Technopôle Montesquieu
> > 33650 MARTILLAC
> > Tel : 05 56 64 15 32
> > Fax : 05 56 64 15 32
> > Mail: daniel at firewall-services.com
> > Web : http://www.firewall-services.com
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> > For additional commands, e-mail: chilli-help at coova.org
> > Wiki: http://coova.org/wiki/index.php/CoovaChilli
> > Forum: http://coova.org/phpBB3/viewforum.php?f=4
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
> 
-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: daniel at firewall-services.com
Web : http://www.firewall-services.com




More information about the Chilli mailing list