trafficserver-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan M. Carroll (JIRA)" <j...@apache.org>
Subject [jira] Commented: (TS-338) Use POSIX capabilities instead of user ID switching.
Date Thu, 20 May 2010 16:02:02 GMT

    [ https://issues.apache.org/jira/browse/TS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12869647#action_12869647
] 

Alan M. Carroll commented on TS-338:
------------------------------------

The OEM stuff disappeared with 2.1.0 but the root privilege flag is still there so that didn't
really help :-).

After a discussion I am going with the "enable once at process init" style. The effective
user ID gets changed to a non-privileged user (as determined by the configuration file) once
as well and then isn't changed back.

> Use POSIX capabilities instead of user ID switching.
> ----------------------------------------------------
>
>                 Key: TS-338
>                 URL: https://issues.apache.org/jira/browse/TS-338
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.0.0
>            Reporter: Alan M. Carroll
>            Priority: Minor
>
> Instead of switching the user id around (via seteuid() and the like), use POSIX capabilities
to retain the appropriate privileges as a non-root user.
> This will have to be done as an optional feature because while modern Linux kernels are
compliant, older kernels may not be and the compliance status of other operating systems (e.g.
BSD) is unclear.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message