I've had this idea in the back of my head for a while now, and I wanted to
hear the lists comments on it.
Currently, fam runs as root, meaning that it is vurnerable to security
issues, and has to depend on stuff like inetd and portmapper. So, it might
make sense to convert fam to a user daemon.
The idea would be to change libfam to look for a running fam (running as
the same user), and if one is not running, spawn a new one and connect to
it. It would then use unix-domain sockets credentials passing from both
sides to verify uids. libfam would stay binary compat, so no change would
be needed for clients.
The downsides to this is of course if multiple users use fam on the same
machine you'd have duplicate processes. But i don't think the process
overhead is that bad, all code would be shared. There would also be extra
work done if multiple users watches the same files.
Comments?
/ Alex
--
Source code, list archive, and docs: http://oss.sgi.com/projects/fam/
To unsubscribe: echo unsubscribe fam | mail majordomo@xxxxxxxxxxx
|