On Sun, Feb 26, 2012 at 7:49 PM, mark <mnunb...@haskalah.org> wrote: > From e15b874fdd05e9952e94e36292b57071e96127ed Mon Sep 17 00:00:00 2001 > From: Mark Nunberg <mnunb...@haskalah.org> > Date: Sun, 26 Feb 2012 09:37:33 -0800 > Subject: [PATCH] Allow management socket over inherited file descriptor > > Allows a direct management channel over a forked-and-execed openvpn > process (or possibly other means) instead of having to use a bound TCP > or UNIX socket. Helpful for wrapper applications and advanced scripts, > so that they leave less clutter in the local connection table and/or > filesystem > ---
Most implementations separate between the privileges required to ran the daemon and he privileges requires to run the management logic. Why is this actually needed? And why do you think the unix sockets are insufficient? Alon.
