Adam wrote:
I am trying to see the best way or choice in design between privilege
revocation and privilege separation.
Its just a question of wether it needs root initially for startup, and
then never needs it again (revoke) or if it needs to keep doing stuff as
root all the time (seperate).
Thanks for the answer. So, what would be a very good example in the tree
of a revoke one then. I love looking and studying the ntpd and bgpd code
as it is a very clean and understandable one. Specially ntpd for a small
application where separation is needed. That's the best example by far I
could find! Anything as good as that for revoke available as well that
anyone could suggest for study and example then?
