[Olsr-dev] privilege separation for olsrd
Ferry Huberts
Wed Oct 3 18:50:31 CEST 2012
OpenSSH doesn't use a netlink socket.
If you can get that to work without being root, then we can have priv sep.
On 03-10-12 18:07, Hans-Christoph Steiner wrote:
>
> I was just poking around OpenSSH for ideas for how olsrd could be a lot
> more secure. The main issue right now is that olsrd does everything as
> root, even though it only needs root privileges for specific things
> (opening the socket on port 698 and editing the routing table).
>
> OpenSSH is a daemon that needs privileges for opening a socket on port
> 22, but then it does very little else as root. It does this without
> using threads, but relies on multiple processes instead. Here are two
> overviews of how OpenSSH does it:
>
> http://www.citi.umich.edu/u/provos/ssh/privsep.html
> http://www.openbsd.org/papers/openssh-measures-asiabsdcon2007-slides.pdf
>
> .hc
>
--
Ferry Huberts
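
An added sketch of the monitor/worker split discussed in this thread (not olsrd or OpenSSH code): the root parent stands in for the process that would keep the netlink socket, and the forked worker drops root and sends it route requests over a socketpair. `route_req`, `monitor_validate`, `privsep_roundtrip`, the no-default-route policy and the uid/gid passed in are all hypothetical.

```c
#include <grp.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical request format: worker asks the root monitor for a route change. */
struct route_req { uint8_t op, prefix_len, dst[4], gw[4]; };
enum { ROUTE_ADD = 1, ROUTE_DEL = 2 };

/* Monitor side: treat the worker as untrusted and accept only sane IPv4 requests. */
int monitor_validate(const struct route_req *r) {
    if (r->op != ROUTE_ADD && r->op != ROUTE_DEL) return 0;
    if (r->prefix_len == 0 || r->prefix_len > 32) return 0; /* assumed policy: no default route */
    return 1;
}

/* Fork a worker, drop its privileges when started as root, let it submit one
 * request. Returns the monitor's verdict: 1 accepted, 0 rejected, -1 error. */
int privsep_roundtrip(const struct route_req *req, uid_t uid, gid_t gid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* worker: packet parsing would live here */
        close(sv[0]);
        if (geteuid() == 0 && (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
            _exit(1);               /* never keep running as root if the drop fails */
        uint8_t verdict = 0;
        if (write(sv[1], req, sizeof *req) != (ssize_t)sizeof *req) _exit(1);
        if (read(sv[1], &verdict, 1) != 1) _exit(1);
        _exit(verdict ? 0 : 2);
    }
    close(sv[1]);                   /* monitor: stays root, would own the netlink socket */
    struct route_req in;
    int ok = -1;
    if (read(sv[0], &in, sizeof in) == (ssize_t)sizeof in) {
        ok = monitor_validate(&in);
        /* A real monitor would apply an accepted request through netlink here. */
        uint8_t v = (uint8_t)ok;
        if (write(sv[0], &v, 1) != 1) ok = -1;
    }
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return ok;
}
```

The order of the drop matters: supplementary groups first, then the gid, then the uid, because once the uid is gone the process can no longer change the other two.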