[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: socket-based activation has unmaintainable security?

On 06/02/2013 16:27, Martin Wuertele wrote:
> * Shawn <shawnlandden@gmail.com> [2013-02-05 18:43]:
>> socket-activation in systemd _helps_ security in that you can give an
>> unprivlidged process a listening port under 1024. (using a privileged
>> configuration file)
> Privileged vs. unprivileged port is not really a secuitry improvement.

I think he's referring to allowing processes which require listening to a port
under 1024 to run without superuser privileges. I believe our implementation on
Debian (e.g. Apache) is to have the process start as root, start listening, and
then setuid to an unprivileged user.

Kind regards,
Loong Jin

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: