Hi,

On Fri, Aug 05, 2011 at 09:07:19PM +0200, Witold Baryluk wrote:
> I spotted a few important issues which should be solved in rrdcached,
> before somebody gets hurt.
>
> I think it would be very good to make rrdcached chrootable,
> and indeed chroot it by default.

Agreed that making RRDCacheD chrootable is a nice idea. Making that the default *in Debian* might make sense as well, but that won't happen upstream as the upstream default config allows writing to arbitrary locations anyway (which is done on purpose to allow for transparent drop-in setups -- I've argued against that in the past several times so please don't bring that up again ;-)). So, I'd go for a new command line option to configure that and use that by default in the init script (making it overwritable in /etc/default/rrdcached).

> There is no operation which needs root permission there,
> and also considering rrdcached could be set up to listen
> on a TCP socket, I think it should be secured.

Well, it could use root permissions e.g. to open different UNIX sockets belonging to different users/groups.

> Also there is no particular reason rrdcached should be running as root,
> as it is now. There should be a separate user/group for it,
> and all file operations (maybe excluding initial socket creation)
> should be done as it.

Well, I'm not sure if it makes sense to let an unprivileged process listen on a privileged port. I'd rather go for letting start-stop-daemon handle the user/group stuff. Do you see any other benefits from doing that differently?

Thanks for your report!

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
signature.asc
Description: Digital signature
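The thread above weighs two ways of getting rrdcached out of root: let start-stop-daemon switch user/group before exec, or have the daemon chroot and drop privileges itself after it has opened its privileged resources (sockets, pid file). The following is an added example, not rrdcached's or Debian's code, of what the in-process variant has to get right. The function names `jail_dir_is_safe()` and `drop_to_jail()` and the sample directory path are assumptions made for the illustration; the ordering (chroot, chdir to the new root, clear supplementary groups, set gid, set uid, then confirm root cannot be regained) and the ownership check on the jail directory are the points a reviewer would look for.

```c
/* Added example (not rrdcached code): chroot + privilege drop with the
 * checks that make it meaningful.  Function names are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* A jail directory the unprivileged daemon user can write to lets that
 * user plant files (e.g. a fake /etc/passwd inside the jail) that a later
 * privileged step might trust.  Require: exists, is a directory, owned by
 * root, not group- or world-writable.  Returns 1 if safe, 0 otherwise. */
int jail_dir_is_safe(const char *dir)
{
    struct stat st;

    if (stat(dir, &st) != 0)
        return 0;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Enter the jail and become uid:gid.  Order matters:
 *  - chroot() and setgroups() need root, so they come first;
 *  - chdir("/") moves the cwd inside the new root, otherwise the old
 *    tree stays reachable through ".";
 *  - gid before uid, because setgid() needs root too;
 *  - finally verify the drop is irreversible (setuid(0) must fail).
 * Returns 0 on success, -1 with errno set on any failure.  Callers should
 * treat -1 as fatal: continuing half-dropped is worse than exiting. */
int drop_to_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (!jail_dir_is_safe(dir)) {
        errno = EACCES;
        return -1;
    }
    if (chroot(dir) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* If root can be regained, the drop was incomplete. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values; a real daemon would take these from its
     * command line (the new option the thread proposes) and getpwnam(). */
    const char *jail = "/var/lib/rrdcached";   /* assumed path */
    uid_t uid = 65534;                         /* nobody, for illustration */
    gid_t gid = 65534;

    if (drop_to_jail(jail, uid, gid) != 0) {
        fprintf(stderr, "drop_to_jail(%s): %s\n", jail, strerror(errno));
        return 1;
    }
    printf("now running as uid %u inside %s\n", (unsigned)getuid(), jail);
    return 0;
}
```

Run unprivileged, `drop_to_jail()` fails at `chroot()` with EPERM, which is the intended behaviour: the sequence only works when started as root, and it refuses a jail directory that the target user could modify. Everything the daemon needs after this point (journal directory, pid file, RRD base directory) has to be reachable and writable inside the jail as the unprivileged user, which is exactly the part an init-script `--chuid` switch does not have to think about.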