Mailing Lists: Apple Mailing Lists


Re: Error -3212 ???



on 6/13/01 10:32 AM, Peter Sichel <email@hidden> wrote:

> Another problem is you don't really want your entire server app
> to be SUID root as this has significant security implications.
> In order to have an SUID root companion open the port for you and
> pass back an open socket you need to use native BSD calls.
> There's no easy way to wrap an OT endpoint around a BSD
> open socket.

Why not make the application SUID root, then once the application gets
started and is past the point where it needs root privileges, have it change
its UID and GID to something more restrictive (such as "nobody")? Or, simply
require that the application must be started by a process with root
privileges (a user logged in as root, for example), and in this case also
make sure the server sets its own UID and GID to something restrictive (as
is done with the Apache web server, if I recall correctly).

/c


References: 
 >Re: Error -3212 ??? (From: Peter Sichel <email@hidden>)


