Re: Another predefined group in /etc/group: ups?
On Mon, Feb 28, 2000 at 01:44:01PM -0500, Michael Stone wrote:
> On Mon, Feb 28, 2000 at 10:41:46AM -0800, you wrote:
> > I moved the droproot() call to after the opening of the serial port. I will be
> > sending patches to upstream in case he is interested.
>
> So it actually runs as root but then drops privs. A dedicated ups group
> would never need to be root at all, but that's probably not worth the
> effort if you're careful about how you open things and drop privs early
> enough.
True enough... it does run as root... but only very briefly... just long enough
to open the syslog and the serial port.
I think it's sufficiently safe. Of greater concern is the protocol used between
upsd and upsmon... I haven't confirmed that this is secure/encrypted.
It's possible that there might be a security problem here.
Luca Filipozzi
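
The ordering discussed in this thread (open the syslog and the serial port while still root, then drop privileges) is sketched below as an added example; it is not the patch mentioned above, nor upstream's droproot(). The function names, the `upsdemo` ident, the `/dev/null` default port and uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Returns 0 if root was dropped, 1 if we were never root, -1 on failure. */
int drop_root(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return 1;          /* nothing to drop */
    if (uid == 0 || gid == 0) return -1;   /* refuse to "drop" to root */
    /* Order matters: clear supplementary groups and set the gid first,
     * because after setuid() we may no longer change them. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is irreversible and complete. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) return -1;
    return 0;
}

/* Acquire the privileged resources first, then drop. Returns fd or -1. */
int open_port_then_drop(const char *port, uid_t uid, gid_t gid)
{
    openlog("upsdemo", LOG_PID | LOG_NDELAY, LOG_DAEMON); /* connect now */
    int fd = open(port, O_RDWR | O_NOCTTY | O_CLOEXEC);
    if (fd < 0) return -1;
    if (drop_root(uid, gid) < 0) { close(fd); return -1; } /* fail closed */
    return fd;
}

int main(int argc, char **argv)
{
    /* Assumed defaults: a harmless device and the usual "nobody" ids. */
    const char *port = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_port_then_drop(port, 65534, 65534);
    if (fd < 0) { perror("open_port_then_drop"); return 1; }
    syslog(LOG_INFO, "running as uid %d with port fd %d", (int)getuid(), fd);
    printf("uid=%d euid=%d fd=%d\n", (int)getuid(), (int)geteuid(), fd);
    close(fd);
    return 0;
}
```

The descriptor opened as root stays usable after the drop, so the rest of the daemon never needs root again.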