On Fri, 14 May 2004 10:18:18 +0200 Paul J Stevens <[EMAIL PROTECTED]> wrote:
> So either run a single isolated parent as root, and be able to gracefully
> restart by sending sighups, or run in a fully dropped privileges mode and do
> cold restarts whenever the config needs to be reread.

As somebody who once stopped apache and then lost my connection before I
could finish typing the start command, I can attest to the preference for
graceful restarts.

The best thing to do is to make the port number easily configured. This way
the end-user may choose either to:

a) Run his server as root listening on the default port, and hope there's no
   bizarre overflow that can exploit the parent process.

b) Run his server as another user listening on a non-privileged port, use a
   firewall to map requests on the default port to the non-privileged port,
   and hope there's no bizarre overflow that can exploit the parent process.

Which option the user chooses is down to his individual security philosophy.

Presumably all that is needed here is a config option in dbmail.conf and a
hook in the forking code to skip the drop_privileges call if already running
as the intended user.

-fr.

--
Feargal Reilly, Codeshifter, Chrysalink Systems.
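As an added illustration of the hook described in the message above (example code written for this page, not dbmail's own; the user name, the function names and the 1024 privileged-port boundary are assumptions): a drop_privileges that is a no-op when the daemon was already started as the intended user, plus a check for whether the configured port needs root at all.

```c
#define _GNU_SOURCE          /* glibc: expose the setgroups() prototype */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Ports below 1024 need root to bind on a stock Unix; option (b) in the
   mail (high port plus firewall redirect) exists so the daemon can avoid them. */
int needs_root_for_port(int port)
{
    return port > 0 && port < 1024;
}

/* True when real and effective uid/gid already equal the target, i.e. the
   daemon was started as the intended user and there is nothing to drop. */
int already_running_as(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Switch to 'user' (hypothetical value read from dbmail.conf).
   Returns 0 on success, -1 on failure; skips the switch when already that user. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "drop_privileges: unknown user '%s'\n", user);
        return -1;
    }
    if (already_running_as(pw->pw_uid, pw->pw_gid))
        return 0;                      /* the "skip" hook: nothing to do */
    /* Supplementary groups and gid first, uid last: once the uid is
       unprivileged the process can no longer change its group list. */
    if (setgroups(1, &pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        return -1;
    }
    /* A drop that can be undone is no drop: regaining root must fail. */
    if (setuid(0) == 0) {
        fprintf(stderr, "drop_privileges: could regain root, aborting\n");
        return -1;
    }
    return 0;
}
```

A parent started as root would call drop_privileges() after bind() on a low port; a parent started as the service user on a high port calls it too and simply gets the early return.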