git.ipfire.org Git - thirdparty/lldpd.git/commit
priv: drop most privileges in monitor, only keep CAP_NET_RAW/ADMIN
author Vincent Bernat <vincent@bernat.im>
Tue, 12 Jun 2018 21:17:21 +0000 (23:17 +0200)
committer Vincent Bernat <vincent@bernat.im>
Sat, 16 Jun 2018 15:08:28 +0000 (17:08 +0200)
commit f6933edaf2edea12ef72ef7c70958c2a617f6a1f
tree ffe2c3bb82cf03af456a37f4280cf8ab9e89307b
parent a8dd189419d1727dccc5d18159387685bf9d7113
priv: drop most privileges in monitor, only keep CAP_NET_RAW/ADMIN

On Linux, we mostly rely on CAP_NET_RAW. Only keep that one. However,
we also write to ifalias, which needs CAP_NET_ADMIN. We could let the user
choose at runtime if they want to grant this capability or not.
Currently, a user can turn it on/off at any time.

Access to SNMP socket may also be problematic. We need some solid
solution about that before merging.

Is it safe to use the same UID for the monitored and the unprivileged
process? Signals are mostly harmless. As for ptrace, since the
monitored process has more capabilities, this will not be allowed by
Linux.
NEWS
configure.ac
src/daemon/Makefile.am
src/daemon/priv.c
tests/ci/install.sh
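
Added example (not part of the commit and not lldpd code): a check that a process's capability sets, as reported in /proc/<pid>/status, contain nothing beyond CAP_NET_RAW and CAP_NET_ADMIN, plus a model of the capability part of the Linux ptrace access check that the commit message relies on. The status excerpts are constructed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_BIT(n) (UINT64_C(1) << (n)) /* bit numbers: <linux/capability.h> */
#define ALLOWED    (CAP_BIT(12) | CAP_BIT(13)) /* CAP_NET_ADMIN, CAP_NET_RAW */
#define SYS_PTRACE CAP_BIT(19)                 /* CAP_SYS_PTRACE */

/* Constructed /proc/<pid>/status excerpts for the two lldpd processes. */
static const char MONITOR_STATUS[] = "CapPrm:\t0000000000003000\nCapEff:\t0000000000003000\n";
static const char WORKER_STATUS[] = "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Read one hex capability set such as "CapPrm"; 0 on success, -1 if absent. */
static int cap_field(const char *status, const char *field, uint64_t *out)
{
    size_t n = strlen(field);
    for (const char *l = status; l && *l; ) {
        if (!strncmp(l, field, n) && l[n] == ':') {
            char *end;
            *out = strtoull(l + n + 1, &end, 16);
            return end == l + n + 1 ? -1 : 0;
        }
        if ((l = strchr(l, '\n')) != NULL) l++;
    }
    return -1;
}

/* Capabilities beyond the two the commit keeps; UINT64_MAX on parse error. */
uint64_t excess_caps(const char *status)
{
    uint64_t prm, eff;
    if (cap_field(status, "CapPrm", &prm) || cap_field(status, "CapEff", &eff))
        return UINT64_MAX;
    return (prm | eff) & ~ALLOWED;
}

/* Capability part of the kernel ptrace check only (UID, dumpable and LSM checks
 * are separate): tracer's permitted set must cover the target's, or it needs CAP_SYS_PTRACE. */
int ptrace_caps_ok(uint64_t tracer_prm, uint64_t tracer_eff, uint64_t target_prm)
{
    return !(target_prm & ~tracer_prm) || (tracer_eff & SYS_PTRACE);
}

int main(void)
{
    printf("monitor excess caps: %#llx\n", (unsigned long long)excess_caps(MONITOR_STATUS));
    printf("worker excess caps: %#llx\n", (unsigned long long)excess_caps(WORKER_STATUS));
    printf("worker may ptrace monitor: %d\n", ptrace_caps_ok(0, 0, ALLOWED));
    return 0;
}
```

On a live system the same check applies to the text of /proc/<pid>/status for the monitor's PID.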