Hi Martin,
On Wednesday 04 February 2015 21:06:33 MK wrote:
Hi list!
Alfred daemon runs as user root in our current setup on the gateway.
Regarding the faulty buffer size checks and improper use of strcpy in recent history of this software this seems to be a very bad idea.
that's a good point.
What are the requirements for the user running alfred? Which elevated privileges does alfred really need? Is it possible to drop the privileges after setting up the interface bindings?
What spontaneously comes to my mind would be:
* network socket to send/receive UDP packets * unix socket to talk to clients (but that may be changed by using a different path) * access to debugfs to get batman information
Patches are very welcome to implement dropping privileges.
Thanks, Simon