If do create a patch to drop this as a config/compile for corner cases
like the situation I have, would it be useful to upstream?
On 7/22/2016 6:04 AM, Paul Jakma wrote:
On Thu, 21 Jul 2016, Jafar Al-Gharaibeh wrote:
I haven't looked at Quagga code yet to see if I can hack my way
through this, or if there is a way to run with root permissions
(maybe the easy way for now?) without a big effort. Why do Quagga
make the user lookup, and can it be skipped?
Quagga does that so it can change euid to a non-root, more confined
user for general operation to make any security issues in external
interfaces a bit harder to exploit. On Linux and Solaris it will also
drop unneeded capabilities permanently (unfortunately, routing tends
to need quite powerful capabilities still though), as well as drop all
capabilities for general operation.
regards,
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
