On Mon, Sep 14, 2015 at 03:54:09PM -0700, Andy Zhou wrote:
> All daemons launched by root can drop their privilege using
> --user option. See man page update for more details.
>
> Signed-off-by: Andy Zhou <az...@nicira.com>

What worries me about this is that it relies on developers to remember to add a call to daemon_become_new_user() to every daemon. If we forget one, it's a security hole: --user will be silently ignored.

Is it possible to integrate daemon_become_new_user() into some other function that has to be called for daemonization to work? For example, can we integrate it into daemon_start()? Or can we at least avoid the security hole by, say, aborting in daemonize_complete() if daemon_become_new_user() hasn't been called?
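
The fail-closed check suggested in the reply above, sketched in C as an added example that is not part of the original message or of the Open vSwitch code. The `ex_*` functions and the already-resolved uid/gid arguments are hypothetical; the point is that the mandatory final step aborts when `--user` was parsed but the drop never ran.

```c
/* Added example; ex_* names are hypothetical, not Open vSwitch code. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

static bool user_requested, user_applied;  /* --user parsed / drop done */
static uid_t want_uid;
static gid_t want_gid;

/* Option parser calls this for --user (IDs assumed already resolved). */
void ex_request_user(uid_t uid, gid_t gid) {
    want_uid = uid;
    want_gid = gid;
    user_requested = true;
    user_applied = false;
}

/* Drop order matters: supplementary groups, then gid, then uid. */
int ex_become_new_user(void) {
    if (!user_requested) return 0;
    if ((getuid() != want_uid || getgid() != want_gid)
        && (setgroups(0, NULL) || setgid(want_gid) || setuid(want_uid))) {
        return -1;
    }
    /* Verify the resulting IDs instead of trusting return codes alone. */
    if (getuid() != want_uid || geteuid() != want_uid
        || getgid() != want_gid || getegid() != want_gid) {
        return -1;
    }
    user_applied = true;
    return 0;
}

/* True when no requested drop is still pending. */
bool ex_drop_satisfied(void) {
    return !user_requested || user_applied;
}

/* Mandatory final daemonization step: fail closed on a forgotten drop. */
void ex_daemonize_complete(void) {
    if (!ex_drop_satisfied()) {
        fprintf(stderr, "--user requested but privileges were not dropped\n");
        abort();
    }
}
```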