[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4612) slapd reads config file only after chrooting / dropping root privileges

At 06:42 AM 7/20/2006, ghen@telenet.be wrote:
>On Wed, Jul 19, 2006 at 08:25:29AM -0700, Kurt D. Zeilenga wrote:
>> The behavior is as intended.   While certainly it is "possible"
>> to redesign this code, I don't think it sensible to do so.
>If this behaviour is intended, then what is the benefit of doing
>it this way?  Could you give a little more detail please?  

In short, the sooner one chroot/drops root the better (for
security).  For a long answer, read up on providing security
through these calls and then review the developer list
archives of discussions regarding appropriate placement
of these calls.