privileges
David Bird
mem.corruption at gmail.com
Sat Jan 31 10:28:20 UTC 2009
Options for uid and gid will be in the next svn update, most likely.
David
On 1/13/09, Daniel Berteaud <daniel at firewall-services.com> wrote:
> Hi.
>
> I use coova-chilli on some servers and I'm quite happy with it.
>
> But there's one *huge* security issue with it: it must runs as root.
> I'm realy not very found of daemon listening on a public interface with
> root privileges.
> I understand coova daemon must start with root privileges as it has to
> create a tun interface, configure the real one etc... but, I think it
> should then drop the privileges to another user (just like openvpn do
> for example).
>
> Additionnaly, the daemon could be chrooted in a directory.
>
> Is there a way to do this, or is something like this a planed feature ?
>
> Cheers, Daniel
>
> --
> Daniel Berteaud
> FIREWALL-SERVICES SARL.
> Société de Services en Logiciels Libres
> Technopôle Montesquieu
> 33650 MARTILLAC
> Tel : 05 56 64 15 32
> Fax : 05 56 64 15 32
> Mail: daniel at firewall-services.com
> Web : http://www.firewall-services.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>
>
More information about the Chilli
mailing list