Re: socket-based activation has unmaintainable security?
On 02/06/2013 05:03 PM, Chow Loong Jin wrote:
> On 06/02/2013 16:27, Martin Wuertele wrote:
>> * Shawn <firstname.lastname@example.org> [2013-02-05 18:43]:
>>> socket-activation in systemd _helps_ security in that you can give an
>>> unprivileged process a listening port under 1024. (using a privileged
>>> configuration file)
>> Privileged vs. unprivileged port is not really a security improvement.
> I think he's referring to allowing processes which require listening to a port
> under 1024 to run without superuser privileges. I believe our implementation on
> Debian (e.g. Apache) is to have the process start as root, start listening, and
> then setuid to an unprivileged user.
Which would be the wrong way of doing things / wrong reason
for using root as running user, since you can set the
CAP_NET_BIND_SERVICE capability... (man capabilities ...)
P.S: I know this since the nice talk from Luciano last summer at debconf! :)
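As an added illustration of the socket-activation hand-off Shawn refers to (my own example, not code from the thread or from systemd): a minimal receiver for the sd_listen_fds(3) protocol, where systemd has already bound the port and the service only inherits the fd. `fake_activation`, `roundtrip` and the `first_fd` override are constructed test conveniences so it runs in one process; they are not part of the protocol.

```python
"""Socket-activated service stub (added example, not code from the thread).
systemd binds the privileged port and starts the service with the listener on
fd 3, 4, ... plus LISTEN_PID/LISTEN_FDS (sd_listen_fds(3)), so the service
runs unprivileged and never calls bind()."""
import os
import socket
import threading

SD_LISTEN_FDS_START = 3  # first inherited fd, fixed by sd_listen_fds(3)

def listen_fds(environ=None, first_fd=SD_LISTEN_FDS_START):
    """Return inherited listening sockets, or [] if not socket-activated.
    As in sd_listen_fds(), fds are trusted only if LISTEN_PID names this very
    process; first_fd is overridable only to exercise the protocol in-process."""
    env = os.environ if environ is None else environ
    try:
        if int(env.get("LISTEN_PID", "")) != os.getpid():
            return []
        count = int(env.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    socks = []
    for fd in range(first_fd, first_fd + count):
        os.set_inheritable(fd, False)           # CLOEXEC: no leak to children
        socks.append(socket.socket(fileno=fd))  # family/type read off the fd
    return socks

def serve_once(sock):
    """Accept one client and report which uid answered (no privilege needed)."""
    conn, _ = sock.accept()
    with conn:
        conn.sendall(b"served by uid %d\n" % os.getuid())

def fake_activation():
    """Constructed stand-in for systemd: an ephemeral loopback listener handed
    over as (environ, fd, port); detach() gives the fd to the 'service'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    port = s.getsockname()[1]
    return {"LISTEN_PID": str(os.getpid()), "LISTEN_FDS": "1"}, s.detach(), port

def roundtrip(sock):
    """Serve one local client in a thread and return the reply it received."""
    t = threading.Thread(target=serve_once, args=(sock,))
    t.start()
    with socket.create_connection(sock.getsockname()) as c:
        reply = c.recv(64)
    t.join()
    return reply.decode()
```

Under a real unit the same `listen_fds()` call, with no arguments, picks up the sockets systemd passed on fd 3 onwards.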