subgraph / roflcoptor

Tor Control Port Filter and State Tracker Daemon
BSD 3-Clause "New" or "Revised" License

add privilege separation so that we run as non-root #27

Closed david415 closed 8 years ago

david415 commented 8 years ago

We only need to be root so that the procsnitch API can read the /proc filesystem. Instead we could run as a non-root user and use a UNIX domain socket RPC to get the /proc information. The procsnitchd daemon answers these RPC queries and runs as root.

david415 commented 8 years ago

https://github.com/subgraph/procsnitchd

The procsnitchd solution comes with a caveat: the calling party must not use the response data if the connection was closed before the response was received. That is, there would be a race condition if the calling party didn't notice the socket was destroyed and recreated; its inode would differ and thus the associated process information would be different.
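
The caveat above, as an added example that is not roflcoptor's or procsnitchd's code: a procsnitch-style walk of `/proc/<pid>/fd` that maps a socket inode to its owning pid, with the caller re-checking that the same pid still holds the same inode before trusting the answer, so a socket destroyed and recreated during the lookup is rejected rather than misattributed. `FdTable`, `ResolveOwner` and the snapshot data are constructed for illustration; that procsnitchd resolves owners this way is an assumption, not something the thread states.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// FdTable models /proc/<pid>/fd: pid -> symlink targets. In this example it is
// a constructed in-memory snapshot, not a capture from a real host.
type FdTable map[int][]string

// ParseSocketInode extracts N from a "socket:[N]" link; ok is false for pipes, files, etc.
func ParseSocketInode(link string) (uint64, bool) {
	if !strings.HasPrefix(link, "socket:[") || !strings.HasSuffix(link, "]") {
		return 0, false
	}
	n, err := strconv.ParseUint(link[len("socket:[") : len(link)-1], 10, 64)
	return n, err == nil
}

// PidForInode finds the process holding the socket with the given inode.
func PidForInode(t FdTable, inode uint64) (int, error) {
	for pid, links := range t {
		for _, l := range links {
			if n, ok := ParseSocketInode(l); ok && n == inode {
				return pid, nil
			}
		}
	}
	return 0, fmt.Errorf("inode %d: no owning process", inode)
}

// ErrStale: the socket vanished or was replaced mid-lookup; the answer must be discarded.
var ErrStale = errors.New("socket changed during lookup; discarding result")

// ResolveOwner applies the discipline from the thread: resolve the inode, then re-check
// that the same pid still holds it. snapshot stands in for a read of /proc or one RPC.
func ResolveOwner(snapshot func() FdTable, inode uint64) (int, error) {
	pid, err := PidForInode(snapshot(), inode)
	if err != nil {
		return 0, err
	}
	if again, err := PidForInode(snapshot(), inode); err != nil || again != pid {
		return 0, ErrStale
	}
	return pid, nil
}
```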

david415 commented 8 years ago

I made it work. roflcoptor plays nice with procsnitchd. Please review this pull request --> https://github.com/subgraph/roflcoptor/pull/28

david415 commented 8 years ago

Fixed in https://github.com/subgraph/roflcoptor/commit/c0e5c08eb816c179fd22202e0d1181fab938ca20