Hello,
we are currently in the process of updating pcp due to the recently
discovered security issues. But I am not very happy with the design of
pmcd.
Would it be possible to run the code that processes the network data
without UID and GID 0?
A small daemon that runs with a dedicated UID/GID that uses IPC to talk
to another more intelligent service that collects/processes data might
be a choice. Or a local service that creates/uses a database/message
queue that can be accessed by the daemon listening on the network.
What do you think?
Best regards,
Thomas
--
Thomas Biege, Project Manager Security, CSSLP
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
21284 (AG Nürnberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach
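The split proposed in the message above, sketched as an added example (not part of the original message and not pcp code): a network-facing child drops to an unprivileged UID/GID and can reach the privileged collector only through a socketpair, where every request is checked against an allowlist. The function names, the UID/GID 65534, the metric name `sample.uptime` and the use of Linux `SOCK_SEQPACKET` are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534 /* assumption: "nobody"; use a dedicated account in practice */

/* Irreversibly drop root: supplementary groups, then GID, then UID. */
static int drop_privs(void) {
    if (geteuid() != 0) return 0;                /* nothing to drop */
    if (setgroups(0, NULL) || setgid(UNPRIV_ID) || setuid(UNPRIV_ID)) return -1;
    return setuid(0) == 0 ? -1 : 0;              /* regaining root must fail */
}

/* Privileged side: accept only an allowlisted metric name (constructed sample). */
static const char *collector_answer(const char *req) {
    return strcmp(req, "sample.uptime") == 0 ? "OK 12345" : "ERR unknown metric";
}

/* Fork an unprivileged front end that forwards one untrusted request over a
 * socketpair. The caller stays privileged, validates the request and records
 * its answer in `reply`. Returns 0 when the front end received the answer. */
int split_query(const char *untrusted, char *reply, size_t len) {
    int sv[2], status = 0;
    char req[64] = {0}, buf[64];
    if (len == 0 || socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv)) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                              /* network-facing child */
        close(sv[0]);
        if (drop_privs()) _exit(2);              /* fail closed */
        send(sv[1], untrusted, strnlen(untrusted, sizeof req - 1), MSG_NOSIGNAL);
        _exit(recv(sv[1], buf, sizeof buf, 0) > 0 ? 0 : 1);
    }
    close(sv[1]);                                /* so a dead child reads as EOF */
    const char *ans = "ERR no request";
    if (recv(sv[0], req, sizeof req - 1, 0) > 0) ans = collector_answer(req);
    send(sv[0], ans, strlen(ans), MSG_NOSIGNAL);
    close(sv[0]);
    strncpy(reply, ans, len - 1);
    reply[len - 1] = '\0';
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

When started without root the drop is a no-op, so the separation only takes effect when the parent actually holds privileges to shed.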