Re: dhcpd - non root user
>>>>> "norter" == norter <firstname.lastname@example.org> writes:
norter> hi how about making dhcpd run as non-root user with this
norter> patch ???
I imagine that's the one:
Shouldn't chdir go _before_ chroot? At least that's how people often do
it. You also need to do a fair bit of setup to create bpf devices and
Other than that I am running dhcpd with a variation of this patch. No
side effects I know of.
Bad thing is: dhcpd keeps a raw socket open. So whoever breaks into
dhcpd will get to use that. Anybody can comment on the exposure of the system
when the attacker has access to a socket like this:
dhcpd dhcpd 23324 7* internet raw icmp 0xe0bbbd00
Systrace policy for that puppy anybody?