
Re: chrooting daemons



From: dark@xs4all.nl (Richard Braakman)
> It might be even easier to link the daemon statically.

No, the small security or filesystem integrity gain of using a static-linked
binary is not worth the cost of having a second copy of libraries in its
working set. The developers have discussed this several times.

However, it makes sense to have programs run in a chroot context and drop
privileges if they can. Perhaps we should think about some standard facility
to do this immediately after a daemon has initialized itself and before it
starts accepting input from outside.

	Thanks

	Bruce
-- 
Can you get your operating system fixed when you need it?
Linux - the supportable operating system. http://www.debian.org/support.html
Bruce Perens K6BP   bruce@debian.org   NEW PHONE NUMBER: 510-620-3502
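
The sequence described in the message above (initialize, then chroot and drop privileges before accepting outside input), written out as an added example that is not part of the original post and not an existing Debian facility. The function name `confine`, the jail path `/var/empty` and the uid/gid 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* declares chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

enum confine_result {
    CONFINE_OK = 0,
    CONFINE_ERR_TARGET_IS_ROOT, /* caller asked to "drop" to uid or gid 0 */
    CONFINE_ERR_CHROOT,         /* chroot() or the chdir() after it failed */
    CONFINE_ERR_GROUPS,         /* could not clear supplementary groups */
    CONFINE_ERR_IDS,            /* setgid() or setuid() failed */
    CONFINE_ERR_NOT_DROPPED     /* root could still be regained */
};

/* Hypothetical helper. Order matters: chroot() needs root, so it comes
 * first; groups and gid change before uid, because after setuid() the
 * process no longer has the privilege to change them. A process that stays
 * root can leave a chroot, so the jail only helps once the drop succeeds. */
enum confine_result confine(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return CONFINE_ERR_TARGET_IS_ROOT;

    /* chdir("/") after chroot() puts the working directory inside the
     * jail; without it "." still names a directory outside. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return CONFINE_ERR_CHROOT;

    if (setgroups(0, NULL) != 0)
        return CONFINE_ERR_GROUPS;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return CONFINE_ERR_IDS;

    /* Check that the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return CONFINE_ERR_NOT_DROPPED;
    return CONFINE_OK;
}

int main(void)
{
    /* Constructed values: an empty jail directory and an unprivileged id.
     * A real daemon would bind its sockets and open its logs before this
     * call and start accepting input only if it returns CONFINE_OK. */
    return confine("/var/empty", 65534, 65534) == CONFINE_OK ? 0 : 1;
}
```

Any result other than `CONFINE_OK` should be treated as fatal: the daemon exits instead of serving requests with partial confinement.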

