Privsep?

6 years ago

I make Macchiato [macchiato.10centuries.org] for 10C's iOS-using community.

Father of two kids. Grew up in St. Louis, schooled in Florida, live and work (mostly from home) in Atlanta.

#pnutpatreon #dev

@jws on Pnut

@unixb0y I don’t know what particular problem they have in mind. If the problem is “we don’t want to run all that code as an admin or root just to bind port 22”, then solutions would include primarily privilege separation, with side helpings of dropping privileges and sandboxing/pledging.

Written with ChimPnut.

Activity: 1 Reply, 0 Reposts, 0 Bookmarks

Discussion

View on Beta

@jws

Privsep? - http://chimpnut.nl/u/jws/lp/381653 - #longpost

@jws

@unixb0y Oops see longpost in thread

@unixb0y

@jws Ok thanks for your reply :) they said “hint: what does OpenSSH do”, I looked it up and couldn’t find a lot so I described the tunneling process of SSH itself.

@jws

@unixb0y The lesson here is to use the source. (And where there’s not source, you can still use tracing and disassembly.) :)

@unixb0y

@jws thanks man :) It was late and I had not enough time but it was great to read about the solution you proposed, it's always about the learning 😊

@jws

@unixb0y Privilege separation and “principle of least power” can take you a long way towards making it harder to shoot yourself in the foot.

@unixb0y

@jws 👍🏼☺️