privileges
Daniel Berteaud
daniel at firewall-services.com
Tue Jan 13 17:28:31 UTC 2009
Hi.
I use coova-chilli on some servers and I'm quite happy with it.
But there's one *huge* security issue with it: it must runs as root.
I'm realy not very found of daemon listening on a public interface with
root privileges.
I understand coova daemon must start with root privileges as it has to
create a tun interface, configure the real one etc... but, I think it
should then drop the privileges to another user (just like openvpn do
for example).
Additionnaly, the daemon could be chrooted in a directory.
Is there a way to do this, or is something like this a planed feature ?
Cheers, Daniel
--
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: daniel at firewall-services.com
Web : http://www.firewall-services.com
More information about the Chilli
mailing list