gabriel rosenkoetter on Fri, 25 Jan 2002 00:33:39 -0500
On Fri, Jan 25, 2002 at 12:15:11AM -0500, Michael Leone wrote:
> port 7000? 7001? Something like that. 7001, I think.
> Mandrake 8.1
>
> ps ax
> 2776 ? S 0:21 xfs -port -1 -daemon -droppriv -user xfs

Hrm. So it's started as root and switches to xfs. (I trust adding a u flag to ps does show it running as xfs not root.)

Have you looked at its setuid(2) usage to make sure it's actually doing the right thing? (Yes, I have done this with daemons I trust, BIND 9 and Postfix. Hint: they should actually be using seteuid(2) or, even better, setreuid(2).)

Setting the port to -1 is a nice kludge (similar to telling BIND 9's rndc to communicate with the IP address 0.0.0.0, which tells it to *actually* use Unix Domain Sockets rather than TCP... this is better than pointing at 127.0.0.1 because it prevents local processes from getting in the way).

The fact that they're being conscious is good, but it doesn't mean that they've necessarily done everything right.

It's probably still a good idea to run it in a chroot(8) environment. (Yes, I do this with both Postfix and BIND.)

I still say it shouldn't be necessary to run xfs at all on a single console machine, though.

-- 
gabriel rosenkoetter
gr@eclipsed.net
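
An added example, not part of the message above or of xfs itself: a shell check for the question the message raises, whether a daemon started as root has really given up root. It reads the Uid:/Gid: lines of a Linux /proc/<pid>/status file (real, effective, saved and filesystem ids, in that order) and reports any that are still 0; the sample files and the uid/gid 43 are constructed.

```sh
#!/bin/sh
# Added example: audit process credentials from /proc/<pid>/status text.

# check_dropped FILE
#   Prints every uid/gid slot that is still 0.
#   Returns 0 if no slot is 0, 1 if any is, 2 if the Uid:/Gid: lines are missing.
check_dropped() {
    awk '
        $1 == "Uid:" || $1 == "Gid:" {
            split("real effective saved fs", name, " ")
            for (i = 2; i <= 5; i++)
                if ($i == 0) { printf "%s %s=0\n", $1, name[i - 1]; bad = 1 }
            seen++
        }
        END {
            if (seen != 2) { print "missing Uid:/Gid: lines"; exit 2 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input, in the layout of /proc/<pid>/status.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# All four uid and gid slots moved to the unprivileged account.
printf 'Name:\txfs\nUid:\t43\t43\t43\t43\nGid:\t43\t43\t43\t43\n' \
    > "$SAMPLES/dropped"

# Effective uid changed, but real and saved uid are still 0, so the
# process can switch back to root; ps would show it under the xfs user.
printf 'Name:\txfs\nUid:\t0\t43\t0\t43\nGid:\t43\t43\t43\t43\n' \
    > "$SAMPLES/partial"

for f in dropped partial; do
    if check_dropped "$SAMPLES/$f"; then
        echo "$f: no root ids left"
    else
        echo "$f: not fully dropped"
    fi
done
```

On a live system, point it at the daemon directly, for example `check_dropped /proc/2776/status` with the PID from the ps output quoted above.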