Irresponsible people like myself have been known to put cron jobs in place to look for, and if necessary restart crashy daemons.
This could referred to as a kludge, though many would argue that is to mild an aspersion to cast upon it. PID=`pgrep gloob` if [ -z "$PID" ] then /usr/local/bin/gloob -f poor_security_a_bad_idea_to_run.conf fi Dag H. Richards - Distinguished Dunning-Kruger Fellow 2020 as seen on unixadminsgonewild.com On Mon, 27 Jan 2020 22:41:00 +0100, Ingo Schwarze <schwa...@usta.de> wrote: Hi Patrick, Patrick Kristiansen wrote on Mon, Jan 27, 2020 at 08:13:28PM +0100: > Is there something like the FreeBSD daemon(8) command for OpenBSD, > which can run a process in the background and restart it if it > crashes? Absolutely not, we are strongly convinced this is an utterly stupid idea and a serious security risk. If a daemon crashes, it has a bug. Many bugs that cause crashes are also exploitable. So if a daemon crashes, you first have to understand why it crashed, fix or at least mitigate the bug, and can only restart it afterwards. Restarting it automatically is an irresponsible thing to do. If a daemon keeps crashing so frequently that you can only run it in production with automatic restarts, then running it at all is irresponsible in the first place. Yours, Ingo Hi Patrick, Patrick Kristiansen wrote on Mon, Jan 27, 2020 at 08:13:28PM +0100: > Is there something like the FreeBSD daemon(8) command for OpenBSD, > which can run a process in the background and restart it if it > crashes? Absolutely not, we are strongly convinced this is an utterly stupid idea and a serious security risk. If a daemon crashes, it has a bug. Many bugs that cause crashes are also exploitable. So if a daemon crashes, you first have to understand why it crashed, fix or at least mitigate the bug, and can only restart it afterwards. Restarting it automatically is an irresponsible thing to do. If a daemon keeps crashing so frequently that you can only run it in production with automatic restarts, then running it at all is irresponsible in the first place. Yours, Ingo
