[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: privilege separation daemon ?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: privilege separation daemon ?
From: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>
Date: Fri, 18 Apr 2003 20:50:54 -0400
Mail-followup-to: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>, misc_(_at_)_openbsd_(_dot_)_org
Reply-to: misc_(_at_)_openbsd_(_dot_)_org

What does this do that I don't do by having the (effectively)
NIS information in LDAP and a socket in the choot area (or a
chat with 127.0.0.1:389?


Quoting mailing (mailing_(_at_)_skreel_(_dot_)_org):
> I have been working on a little daemon that allows getpw* and getgr* calls to
> be performed via a unix socket. The goal was to be able to authenticate users
> while in a chroot()-ed environement without having to copy the passwd database
> inside the chroot(). It appeared to me that with a few modifications, this
> could be easily transformed into a 'privilege separation' daemon, allowing
> applications to authenticate users without having to run as root as long as
> they have enough privileges to read and write to the socket.
> I was wondering if anyone would be interested in that, the code still needs a
> bit of work (mostly cleaning) and if it can be helpful to any of you, let me
> know  :)

Prev by Date: Re: No Moving parts boot devices
Next by Date: Re: Darpa now denies it...
Previous by thread: Re: privilege separation daemon ?
Next by thread: Undefined symbol "_XftPatternCreate" called from qt3/libqt-mt.so.3.12
Index(es):
- Date
- Thread

Visit your host, monkey.org