Hi Martin, On Wednesday 04 February 2015 21:06:33 MK wrote: > Hi list! > > Alfred daemon runs as user root in our current setup on the gateway. > > Regarding the faulty buffer size checks and improper use of strcpy in recent > history of this software this seems to be a very bad idea.
that's a good point.
>
> What are the requirements for the user running alfred? Which elevated
> privileges does alfred really need? Is it possible to drop the privileges
> after setting up the interface bindings?
What spontaneously comes to my mind would be:
* network socket to send/receive UDP packets
* unix socket to talk to clients (but that may be changed by using a different
path)
* access to debugfs to get batman information
Patches are very welcome to implement dropping privileges.
Thanks,
Simon
signature.asc
Description: This is a digitally signed message part.
