Re: www user than root
From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 06/23/05
- Previous message: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Darren Pilgrim: "RE: www user than root"
- Next in thread: Abu Khaled: "Re: www user than root"
- Reply: Abu Khaled: "Re: www user than root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 23 Jun 2005 15:14:55 +0200
To: Darren Pilgrim <dmp@bitfreak.org>
> Most daemons that bind to "privileged" ports and run as a non-root uid,
> start as root, then change the effective UID after binding to the port.
Yes. Secure programs like Postfix (smtp), OpenSSH, vsftpd and Dovecot
(imap) use privilege separation. For instance, if you need to open
TCP port 80 late, you could use a separate process for this purpose
only and communicate through it (through a UNIX socket). There is
obviously some performance degradation if you need to use high speed
communications, but this is a trade-off if you really need to open a
privileged port late and you want security.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
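
The late-bind arrangement described in the message above, as an added example that is not part of the original post or of any named daemon's code: a helper process keeps root only to bind the port when asked, and the worker, which has already dropped privileges, receives the listening socket over a UNIX socketpair. It passes the descriptor with SCM_RIGHTS rather than relaying traffic through the helper, which is a variant of what the message describes; `late_bind`, the one-byte request and uid/gid 65534 are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: returns a listening socket on `port`, bound by a child
 * that kept its privileges, after the caller has dropped to uid/gid. */
int late_bind(in_port_t port, uid_t uid, gid_t gid) {
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    char go = 1; int sp[2], fd = -1;
    struct iovec iov = { &go, 1 };
    struct msghdr m = { 0 };
    memset(&ctl, 0, sizeof ctl);
    m.msg_iov = &iov; m.msg_iovlen = 1;
    m.msg_control = ctl.buf; m.msg_controllen = sizeof ctl.buf;
    struct cmsghdr *h = CMSG_FIRSTHDR(&m);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid == 0) {   /* helper: port was fixed before the fork, worker only triggers */
        struct sockaddr_in a = { 0 };
        a.sin_family = AF_INET; a.sin_port = htons(port);
        a.sin_addr.s_addr = htonl(INADDR_ANY);
        close(sp[0]);
        if (read(sp[1], &go, 1) != 1) _exit(1);   /* wait for the worker's request */
        int s = socket(AF_INET, SOCK_STREAM, 0);
        if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 16) < 0)
            _exit(1);
        h->cmsg_level = SOL_SOCKET; h->cmsg_type = SCM_RIGHTS;
        h->cmsg_len = CMSG_LEN(sizeof s);
        memcpy(CMSG_DATA(h), &s, sizeof s);   /* descriptor rides as ancillary data */
        _exit(sendmsg(sp[1], &m, 0) == 1 ? 0 : 1);
    }
    close(sp[1]);
    /* worker: drop root first (a real daemon also clears groups with setgroups) */
    int ok = geteuid() != 0 || (setgid(gid) == 0 && setuid(uid) == 0);
    /* ... unprivileged work happens here; only now is the port requested ... */
    if (ok && write(sp[0], &go, 1) == 1 && recvmsg(sp[0], &m, 0) == 1 &&
        (h = CMSG_FIRSTHDR(&m)) && h->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(h), sizeof fd);
    close(sp[0]);
    waitpid(pid, NULL, 0);
    return fd;
}

int main(void) { return late_bind(80, 65534, 65534) < 0; }  /* as root; 65534 = assumed "nobody" */
```

Because the port is chosen before the fork, a compromised worker can only trigger the one bind the helper was started for, not request arbitrary ports.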