[Olsr-dev] privilege separation for olsrd
Wed Oct 3 18:50:31 CEST 2012
openssh doesn't use a netlink socket.
if you can get that to work without being root, then we can have priv sep.
On 03-10-12 18:07, Hans-Christoph Steiner wrote:
> I was just poking around OpenSSH for ideas for how olsrd could be a lot
> more secure. The main issue right now is that olsrd does everything as
> root, even though it only needs root privileges for specific things
> (opening the socket on port 698 and editing the routing table).
> OpenSSH is a daemon that needs privileges for opening a socket on port
> 22, but then it does very little else as root. It does this without
> using threads, but relies on multiple processes instead. Here's two
> overviews of how openssh does it:
More information about the Olsr-dev