On 06/02/2013 16:27, Martin Wuertele wrote: > * Shawn <shawnlandden@gmail.com> [2013-02-05 18:43]: > >> socket-activation in systemd _helps_ security in that you can give an >> unprivlidged process a listening port under 1024. (using a privileged >> configuration file) > > Privileged vs. unprivileged port is not really a secuitry improvement. I think he's referring to allowing processes which require listening to a port under 1024 to run without superuser privileges. I believe our implementation on Debian (e.g. Apache) is to have the process start as root, start listening, and then setuid to an unprivileged user. -- Kind regards, Loong Jin
Attachment:
signature.asc
Description: OpenPGP digital signature