Christopher Cain at [EMAIL PROTECTED] wrote:
>
>> This is I believe Bergstein's daemontools?
>
> To be honest, I'm not sure. It's how alot of the standard init.d scripts
> are coded in Linux, so that's how I've also done mine. Whatever it is,
> it's installed by default on every Linux distro I've ever used. Perhaps
> I could throw a small patch into RUNNING.txt with a one-liner for *nix
> users that the above is a safe way to put TC startup in a script file?
> Does Solaris include this "daemontools" by default as well?
Nope. It doesn't (as most of the systems I've seen). That's why I wrote my
little wrapper (before I know that daemontools even existed!).
>> Yeah... Same thing that my little C thing does. But being paranoid, su is
>> installed setuid, so... :) :) :)
>
> Agreed. While the above should technically be secure, you never really
> know the what next security flaw will be. The daemon approach is
> probably a little more ultimately secure.
Exactly... If a binary is SUIDed, I don't trust it by default :)
> Tripwire rules. Like any solution it is not 100% foolproof (no such
> thing), but the possible attacks are fewer than with any other solution
> I've ever seen and would be VERY involved.
That's why I'm running 4 similar programs at a time, checking all possible
bugs :)
Pier
