privileges

Daniel Berteaud daniel at firewall-services.com
Tue Jan 13 17:28:31 UTC 2009


Hi.

I use coova-chilli on some servers and I'm quite happy with it.

But there's one *huge* security issue with it: it must runs as root.
I'm realy not very found of daemon listening on a public interface with
root privileges.
I understand coova daemon must start with root privileges as it has to
create a tun interface, configure the real one etc... but, I think it
should then drop the privileges to another user (just like openvpn do
for example).

Additionnaly, the daemon could be chrooted in a directory.

Is there a way to do this, or is something like this a planed feature ?

Cheers, Daniel

-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: daniel at firewall-services.com
Web : http://www.firewall-services.com




More information about the Chilli mailing list