Why does everything run as root?
-
Is normal that all the processes on my system are running as root? (VPN, webgui, php, etc) It seems like a bad idea. Thanks for your replies!
-
I don't know Unix systems very well to argue if there isn't a better way, but the basic issue is in order to change system settings and install packages and otherwise control every aspect of the system, it needs to run as root. It is possible that factoring the code into other smaller services that only do one thing may be able to have different users per service with strict permissions.
-
Things that can be chrooted and downgraded (like dhcpd) are. Those that can't aren't.
-
It is something we are working to address over time. It's not something that sits well with any of us, but given how everything currently operates and required privileges for specific actions and daemons, it is a problem which has resisted solving.
-
It is something we are working to address over time. It's not something that sits well with any of us, but given how everything currently operates and required privileges for specific actions and daemons, it is a problem which has resisted solving.
Ah thanks both of you (didnt know I could only give one thanks per thread)
I don't know anything about *BSD, but is it possible to implement MAC like with SELinux?
Something cool too would be implementing an IOMMU based security measure to segment hardware network interfaces thus for instance someone figures out how to exploit the WAN nic they're stuck on it and can't transition to any other NIC or get root via DMA. -
Probably should have gone to Jim so I'll do that. ;)