yep it makes sense. In this case, could we not remove this part and drop root at the other location to gain the jail benefit?

//Logan
C-x-C-c

On Tue, Jul 20, 2010 at 10:24 AM, dormando <[email protected]> wrote:
> You don't need to run memcached as root to do that, you need to *start* it
> as root.
>
> If you look just under the setrlimit(RLIMIT_NOFILE code you see that the
> privilege dropping happens.
>
> So you fire up memcached *from* root, specifying -u memcached and it will
> do its root-y things and then drop privileges to that user already.
>
> On Tue, 20 Jul 2010, Loganaden Velvindron wrote:
>
> > It's useful when you need to run memcached as root (-u root).
> >
> >
> > if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) {
> >     fprintf(stderr, "failed to set rlimit for open files. Try running a$
> >     exit(EX_OSERR);
> > }
> >
> > for upping rlimit.
> >
> > Once it's done setting rlimit, root privileges are no longer needed.
> >
> > Additionally, it chroots the process to /var/empty. If the attacker somehow
> > succeeds in finding an exploit, he cannot execute commands like /bin/sh, since
> > he's jailed inside the /var/empty.
> >
> >
> > //Logan
> > C-x-C-c
> > On Tue, Jul 20, 2010 at 2:38 AM, dormando <[email protected]> wrote:
> >
> > > Greetings,
> > >
> > > We are a small company who are increasingly relying on
> > > memcached for our big projects. We are very pleased with
> > > its performance.
> > >
> > > I've put this patch that
> > >
> > > 1) chroots to /var/empty
> > > 2) changes from root to a simple user.
> > >
> > > It effectively jails the process once it no longer needs root
> > > privilege and allows an attacker very little room to play.
> > >
> > > The patch has been working fine on our gentoo server for
> > > quite some time.
> > >
> > > Feedback is most welcomed, and we are more than willing to
> > > improve the patch to fit your standards.
> >
> > I'm a little confused; there is already a method for memcached to drop
> > user privileges, by specifying the -u option? What's the purpose of this
> > that the other function doesn't do?
> >
> > --
> > `` Real men run current !''
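The sequence the thread describes (raise RLIMIT_NOFILE while still root, then chroot and drop to the -u user) as a stand-alone C program. This is an added illustration, not memcached's own code or the patch under discussion; the jail path, user name and limit value are placeholders, and the program has to be started as root for jail_and_drop() to succeed.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1, still root: raise the open-file limit. Returns 0 on success, -1 on error.
 * An unprivileged process may raise its soft limit up to the hard limit; raising
 * the hard limit itself is the part that needs root. */
int raise_nofile_limit(rlim_t want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur >= want) return 0;          /* already high enough */
    rl.rlim_cur = want;
    if (rl.rlim_max < want) rl.rlim_max = want; /* needs root / CAP_SYS_RESOURCE */
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Step 2: jail, then drop. Resolve the user BEFORE chroot (the jail has no
 * /etc/passwd), chdir("/") so the cwd does not stay outside the jail, and clear
 * supplementary groups before changing gid/uid so no root-group membership leaks.
 * Requires root; returns 0 on success, -1 with errno set otherwise. */
int jail_and_drop(const char *jail, const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) { errno = ENOENT; return -1; }
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;     /* last: nothing root-only works after this */
    return 0;
}

/* Step 3: confirm the drop is permanent: not root now, and cannot become root again. */
int privileges_dropped(void) {
    if (geteuid() == 0) return 0;
    return setuid(0) == -1 && errno == EPERM;
}

int main(int argc, char **argv) {
    /* Usage (as root): ./drop /var/empty memcached   -- placeholder arguments */
    const char *jail = argc > 1 ? argv[1] : "/var/empty";
    const char *user = argc > 2 ? argv[2] : "nobody";
    if (raise_nofile_limit(10240) != 0) perror("setrlimit");
    if (jail_and_drop(jail, user) != 0) { perror("jail_and_drop"); return 1; }
    printf("dropped=%d uid=%d euid=%d\n", privileges_dropped(), (int)getuid(), (int)geteuid());
    return privileges_dropped() ? 0 : 1;
}
```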
