[Olsr-dev] privilege separation for olsrd

Ferry Huberts (spam-protected)
Wed Oct 3 18:50:31 CEST 2012

openssh doesn't use a netlink socket.

if you can get that to work without being root, then we can have priv sep.

On 03-10-12 18:07, Hans-Christoph Steiner wrote:
> I was just poking around OpenSSH for ideas for how olsrd could be a lot
> more secure.  The main issue right now is that olsrd does everything as
> root, even though it only needs root privileges for specific things
> (opening the socket on port 698 and editing the routing table).
> OpenSSH is a daemon that needs privileges for opening a socket on port
> 22, but then it does very little else as root.  It does this without
> using threads, but relies on multiple processes instead.  Here's two
> overviews of how openssh does it:
> http://www.citi.umich.edu/u/provos/ssh/privsep.html
> http://www.openbsd.org/papers/openssh-measures-asiabsdcon2007-slides.pdf
> .hc

Ferry Huberts

More information about the Olsr-dev mailing list