Re: Another predefined group in /etc/group: ups?
On Mon, Feb 28, 2000 at 01:44:01PM -0500, Michael Stone wrote:
> On Mon, Feb 28, 2000 at 10:41:46AM -0800, you wrote:
> > I moved the droproot() call to after the opening of the serial port. I will be
> > sending patches to upstream in case he is interested.
> So it actually runs as root but then drops privs. A dedicated ups group
> would never need to be root at all, but that's probably not worth the
> effort if you're careful about how you open things and drop privs early
True enough... it does run as root... but only very briefly... just long enough
to open the syslog and the serial port.
I think it's sufficiently safe. Of greater concern is the protocol used between
upsd and upsmon... I haven't confirmed that this is secure/encrypted.
It's possible that there might be a security problem here.
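The open-then-drop ordering discussed in this message, as an added C example that is not part of the original post and not the package's own droproot() code. The function names `open_port` and `drop_root` are hypothetical, and taking the target uid/gid as numeric command-line arguments is an assumption made for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Open the serial device while still privileged. Returns fd or -1. */
int open_port(const char *path)
{
    /* O_NOCTTY: do not let the tty become our controlling terminal. */
    return open(path, O_RDWR | O_NOCTTY | O_CLOEXEC);
}

/* Permanently switch to an unprivileged uid/gid. Returns 0 only if the
 * drop is verified; callers must treat -1 as fatal. */
int drop_root(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                       /* refusing to "drop" to root */
    if (geteuid() == 0) {
        /* Order matters: groups first, then gid, then uid last. */
        if (setgroups(0, NULL) != 0) return -1;
        if (setgid(gid) != 0) return -1;
        if (setuid(uid) != 0) return -1;
    }
    /* Verify real and effective ids, and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <device> <uid> <gid>\n", argv[0]);
        return 2;
    }
    int fd = open_port(argv[1]);         /* needs root: done first */
    if (fd < 0) { perror("open"); return 1; }
    if (drop_root((uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        fprintf(stderr, "could not drop privileges, exiting\n");
        return 1;
    }
    /* From here on the process is unprivileged but still holds fd. */
    printf("fd %d open, running as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

The supplementary groups are cleared before the gid and uid change because none of those calls can succeed once the uid is no longer 0, and the final `setuid(0)` probe catches a drop that left a way back to root.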