On Thu, 21 Jul 2016, Jafar Al-Gharaibeh wrote:
I haven't looked at Quagga code yet to see if I can hack my way through this, or if there is a way to run with root permissions (maybe the easy way for now?) without a big effort. Why do Quagga make the user lookup, and can it be skipped?
Quagga does that so it can change euid to a non-root, more confined user for general operation to make any security issues in external interfaces a bit harder to exploit. On Linux and Solaris it will also drop unneeded capabilities permanently (unfortunately, routing tends to need quite powerful capabilities still though), as well as drop all capabilities for general operation.
regards, -- Paul Jakma | [email protected] | @pjakma | Key ID: 0xD86BF79464A2FF6A Fortune: QOTD: "If you keep an open mind people will throw a lot of garbage in it." _______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
