[Date Prev][Date Next]
Re: (ITS#4612) slapd reads config file only after chrooting / dropping root privileges
At 06:42 AM 7/20/2006, firstname.lastname@example.org wrote:
>On Wed, Jul 19, 2006 at 08:25:29AM -0700, Kurt D. Zeilenga wrote:
>> The behavior is as intended. While certainly it is "possible"
>> to redesign this code, I don't think it sensible to do so.
>If this behaviour is intended, then what is the benefit of doing
>it this way? Could you give a little more detail please?
In short, the sooner one chroot/drops root the better (for
security). For a long answer, read up on providing security
through these calls and then review the developer list
archives of discussions regarding appropriate placement
of these calls.