> I would like to try running polipo with a specified uid - is this possible?
As Nix mentioned, I expect people to use su (or Debian's start-stop-daemon)
in order to switch uids; I believe it's more secure than doing it within
Polipo.
Consider the following argument. If you run Polipo as root and ask it to
switch, it will only be able to switch after initialising and parsing the
configuration file. If there is a security bug in the initialisation code,
the bug will be exploitable by root.
Which is why I prefer to let an external tool perform the user-mode
switching.
Note that I am flexible on this kind of issues -- adding functionality that
I don't need is okay. For example, I happen to believe that switching into
the background and redirecting log files should be done by external tools,
which is why none of my software will daemonise by default, and will write
debugging logs to standard output. However, I understand that some people
may prefer the historic Unix way of managing daemons, which is why Polipo
implements the daemonize and logFile variables.
Juliusz
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Polipo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/polipo-users
