On Fri, Sep 18, 2015 at 12:53 PM, Ben Pfaff <b...@nicira.com> wrote:
> On Mon, Sep 14, 2015 at 03:54:09PM -0700, Andy Zhou wrote:
>> All daemons launched by root can drop their privilege using
>> --user option. See man page update for more details.
>>
>> Signed-off-by: Andy Zhou <az...@nicira.com>
>
> What worries me about this is that it relies on developers to remember
> to add a call to daemon_become_new_user() to every daemon. If we forget
> one, it's a security hole: --user will be silently ignored.
>
> Is it possible to integrate daemon_become_new_user() into some other
> function that has to be called for daemonization to work? For example,
> can we integrate it into daemon_start()? Or can we at least avoid the
> security hole by, say, aborting in daemonize_complete() if
> daemon_become_new_user() hasn't been called?

Integrating this function into daemon_start() seems to be an attractive
option. Let me try to implement this. If not, I will fall back to abort
in daemonize_complete().
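
The two options raised in this thread, sketched as an added example that is not part of the original messages and is not Open vSwitch code: the privilege drop folded into a start-up call, and a final guard that fails closed when --user was given but never honoured. The `ctx_*` names, `struct daemon_ctx`, the `drop` callback (standing in for the real uid/gid change) and the user name "ovs" are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a daemon helper library; not Open vSwitch code. */
struct daemon_ctx {
    const char *user;               /* value of --user, NULL if not given */
    bool switched;                  /* set once the privilege drop succeeded */
    int (*drop)(const char *user);  /* stands in for the real uid/gid change */
};

/* Drop privileges when --user was given; a no-op otherwise. */
static int ctx_become_new_user(struct daemon_ctx *c)
{
    if (c->user == NULL || c->switched) return 0;
    if (c->drop(c->user) != 0) return -1;  /* fail closed, caller must exit */
    c->switched = true;
    return 0;
}

/* Option 1: the drop lives inside a call every daemon already makes. */
static int ctx_daemon_start(struct daemon_ctx *c)
{
    return ctx_become_new_user(c);  /* fork/detach steps omitted */
}

/* Option 2: refuse to finish start-up if --user was given but never honoured.
 * A real daemon would abort() here; returning -1 keeps the model testable. */
static int ctx_daemonize_complete(const struct daemon_ctx *c)
{
    return (c->user != NULL && !c->switched) ? -1 : 0;
}

static int drop_ok(const char *user) { (void) user; return 0; }     /* constructed */
static int drop_fail(const char *user) { (void) user; return -1; }  /* constructed */

/* One daemon start-up; returns what the final guard reports. */
static int run_daemon(const char *user, bool drop_called, bool drop_works)
{
    struct daemon_ctx c = { user, false, drop_works ? drop_ok : drop_fail };
    if (drop_called && ctx_daemon_start(&c) != 0) return -1;
    return ctx_daemonize_complete(&c);
}

int main(void)
{
    printf("forgot the drop, --user set: %d\n", run_daemon("ovs", false, true));
    printf("drop inside start-up:        %d\n", run_daemon("ovs", true, true));
    printf("no --user given:             %d\n", run_daemon(NULL, false, true));
    return 0;
}
```

With the guard in place, a daemon that skips the drop fails at start-up instead of running as root with --user silently ignored.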