On 23-05-31 12:43, tlaro...@polynum.com wrote:
| And I think you're right: the info will go in a 0400 file in /tmp, and
| will be a way to obtain various running infos---but for now, just the
| running config (it could perhaps be extended, but not now, to add
| stats, what is masked by a secmodel etc.)

I don't think the data should be written to /tmp; it's world writable, the service often runs as root, and avoiding TOCTOU security problems is error prone.

If you want to write the validated configuration to a file, one of:

1. Compiled in default to an inetd-specific path that has restricted write access (e.g., a /var/*)
2. Provide CLI option and/or configuration option for the path, although the config option may cause circular issues when you're trying to parse the configuration to learn where to write the configuration.

Luke.
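
The following sketch is an added example, not part of the thread and not inetd's code. It shows one way to write a 0400 dump into a restricted directory without the check-then-use gap discussed above; `dump_config()` and its arguments are hypothetical names.

```c
/* Added example: dump_config() is a hypothetical helper, not inetd source. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Write buf to dir/name with mode 0400. Returns 0 on success, -1 on refusal or error. */
int dump_config(const char *dir, const char *name, const char *buf, size_t len)
{
    char tmp[256];
    struct stat sb;
    int dfd, fd = -1, rc = -1;

    /* Pin the directory with a descriptor. Every later call is relative to
     * dfd, so the check below and the use refer to the same directory. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd == -1)
        return -1;
    /* Refuse a directory we do not own or that group/other can write (e.g. /tmp). */
    if (fstat(dfd, &sb) == -1 || sb.st_uid != geteuid() ||
        (sb.st_mode & (S_IWGRP | S_IWOTH)) != 0)
        goto out;
    if (snprintf(tmp, sizeof(tmp), ".%s.%ld", name, (long)getpid()) >= (int)sizeof(tmp))
        goto out;
    (void)unlinkat(dfd, tmp, 0);            /* drop a stale temp file, if any */
    /* O_EXCL | O_NOFOLLOW: never open a pre-existing file or a symlink. */
    fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0400);
    if (fd == -1)
        goto out;
    /* fchmod sets exactly 0400 regardless of the process umask. */
    if (write(fd, buf, len) != (ssize_t)len || fchmod(fd, 0400) == -1 ||
        fsync(fd) == -1 || renameat(dfd, tmp, dfd, name) == -1) {
        (void)unlinkat(dfd, tmp, 0);
        goto out;
    }
    rc = 0;                                 /* rename replaced the old dump atomically */
out:
    if (fd != -1)
        close(fd);
    close(dfd);
    return rc;
}
```
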