To: Yate mailing list <yate@v...>
From: Philipp Kempgen <philipp.kempgen@a...>
Subject: Re: [yate] Security, root, etc.
Date: Fri, 29 Aug 2008 03:53:42 +0200

Hi Paul,

Paul Chitescu wrote:

> Fact is, Yate doesn't benefit from starting as root and dropping privileges. 
> Those are needed dynamically, later in execution - it's not like it would 
> need to listen on a port < 1024 and switch to a less privileged user.
> 
> The capabilities Yate benefits from are all needed later, not at startup:

> - set the TOS on data sockets

http://bugs.digium.com/view.php?id=7047

> 
> Yate can run entirely as non-root but it's easier to do so from the startup 
> script than writing user switching code. If one wants to create a separate 
> user (and possibly assigning it some kernel capabilities) this is OK but it's 
> a decision of a specific distro or system integrator.

I don't think any package maintainer would completely rewrite
the code to switch user privileges, lower thread priorities etc.


   Philipp Kempgen

-- 
http://www.das-asterisk-buch.de  -  http://www.the-asterisk-book.com
Amooma GmbH - Bachstr. 126 - 56566 Neuwied  ->  http://www.amooma.de
Managing director: Stefan Wintermeyer, commercial register: Neuwied B14998