Re: Slapd should give up root permission after binding the socket (ITS#98)




patl@phoenix.volant.org wrote:

> Under the most common usage SLAPD has no reason to run as root except to bind
> to the privileged socket.  Once that has been done, it could easily irrevocably
> give up root permissions; thereby reducing the potential damage of any security
> exploits in the bulk of the code.

Beware. The Netscape server does this, and it's proven
to be a *&(*$@#&#^ pain in the butt, despite being a
great idea.
You have to be very careful what files you open
or create before and after changing process identity.
It's easy to mess up and end up with files 
owned by the wrong user/group or trying to
access a file which you can't under the 
current process identity.
Of course you need to open the config file before
the identity change, otherwise you wouldn't know
what to change your identity to.
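
The ordering both messages describe, as an added example that is not part of the original thread or of slapd's code: files the service must write later are created and handed to the target account while still privileged, then the identity change is made and verified as irreversible. `open_owned`, `drop_privileges` and the log path are hypothetical names; the target uid/gid are assumed to come from the already-parsed config file.

```c
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Create/open a file BEFORE the identity change and give it to the service
 * account, so it is not left owned by root and unreachable afterwards. */
int open_owned(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0640);
    if (fd < 0)
        return -1;
    if (fchown(fd, uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Irrevocably switch to uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                 /* a "drop" to root is a config error */
    /* Supplementary groups first: only root is allowed to reset them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the gid can no longer be changed. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify: regaining root must fail, and all ids must match the target. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumption: a real daemon takes these from its config file (parsed
     * and the privileged socket bound before this point). */
    uid_t uid = getuid();
    gid_t gid = getgid();
    int fd = open_owned("/tmp/example-daemon.log", uid, gid); /* constructed path */
    if (fd < 0) { perror("open_owned"); return 1; }
    if (drop_privileges(uid, gid) != 0) { fprintf(stderr, "drop failed\n"); return 1; }
    dprintf(fd, "running as uid %ld\n", (long)getuid());
    close(fd);
    return 0;
}
```

Every return value is checked because a silently failed `setuid()` leaves the process running as root.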