[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: socket-based activation has unmaintainable security?

2013/2/6 Chow Loong Jin <hyperair@debian.org>:
> On 07/02/2013 01:35, Thomas Goirand wrote:
>>> >
>> Which would be the wrong way of doing things / wrong reason
>> for using root as running user, since you can set the
>> CAP_NET_BIND_SERVICE capability... (man capabilities ...)
>
> Yeah, I figured as much, but isn't that a Linuxism?

illumos (OpenSolaris) kernel has "privileges" [1]
So some services (can't remember which) are not started as root at all.

[1] http://illumos.org/man/5/privileges
Reply to: