On Wed, 15 Jun 2011 21:00:16 +0200 Leen Besselink wrote: > tcpdump on OpenBSD kind of does this, they have 2 processes and use > privilege separation. > > So the process doing the parsing is a chroot'ed and running as nobody or > something similair.
_tcpdump, safer to have it's own user. And yet the OpenBSD devs and many others still recommend not to run it in parse mode (not using -w = a default snaplen of 96) live on production boxes/firewalls. _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
