> I wonder, are there a class of networking daemons that will always need > to retain sufficient privileges to be able to destroy networking > capability (through adding/deleting addresses and routes, e.g.). I.e. is > there a difference between dlmgmtd and routing daemons, in terms of > security needs?
To me, dlmgmtd is more like a system daemon than a networking daemon, in that it doesn't actually send or receive any network traffic. But your point about shutdown is a good one and based on the prototyping that Cathy's doing now there are issues there if we have dlmgmtd run as dladm. > I ask, cause it Gary's reply about dropping to least-privileges without > also changing to a dedicated user apply also to Quagga, which should be > fixed really, and I wonder would it be appropriate to share IDs? I think in many cases, Casper's suggestion of using "daemon" (and adding or removing whatever privileges you need either via RBAC or by starting as "root" and then becoming "daemon" later on) is probably sufficient. -- meem
