
Re: Another predefined group in /etc/group: ups?



On Mon, Feb 28, 2000 at 01:44:01PM -0500, Michael Stone wrote:
> On Mon, Feb 28, 2000 at 10:41:46AM -0800, you wrote:
> > I moved the droproot() call to after the opening of the serial port. I will be
> > sending patches to upstream in case he is interested.
> 
> So it actually runs as root but then drops privs. A dedicated ups group
> would never need to be root at all, but that's probably not worth the
> effort if you're careful about how you open things and drop privs early
> enough.

True enough... it does run as root... but only very briefly... just long enough
to open the syslog and the serial port.

I think it's sufficiently safe. Of greater concern is the protocol used between
upsd and upsmon... I haven't confirmed that this is secure/encrypted.

It's possible that there might be a security problem here.

Luca Filipozzi
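
The ordering discussed in this message (open syslog and the serial port while still root, then drop privileges for good), as an added C example that is not part of the original post or of the upstream code. The names `drop_root`, `open_then_drop` and the `upsdemo` syslog tag are hypothetical, and refusing uid/gid 0 as a target is this example's own policy.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure. */
int drop_root(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                     /* refuse to "drop" to root (example policy) */
    if (geteuid() != 0)
        return 0;                      /* started unprivileged: nothing to drop */
    if (setgroups(0, NULL) != 0)       /* shed root's supplementary groups first */
        return -1;
    if (setgid(gid) != 0)              /* group before user: still needs root here */
        return -1;
    if (setuid(uid) != 0)              /* as root: sets real, effective, saved uid */
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                     /* root could be regained: drop did not stick */
    return 0;
}

/* Open the privileged resources, then drop. Returns the port fd or -1. */
int open_then_drop(const char *port, uid_t uid, gid_t gid)
{
    int fd;

    /* LOG_NDELAY connects to syslog now, before privileges are gone. */
    openlog("upsdemo", LOG_PID | LOG_NDELAY, LOG_DAEMON);
    fd = open(port, O_RDWR | O_NOCTTY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (drop_root(uid, gid) != 0) {    /* never continue as root on failure */
        close(fd);
        return -1;
    }
    return fd;                         /* everything after this runs unprivileged */
}
```

Every return value is checked because a failed `setuid()` that goes unnoticed leaves the daemon running as root for its whole lifetime.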

