[asterisk-dev] [Code Review] Allow non-Linux invocations to keep privileges for certain operations
Tilghman Lesher
tlesher at digium.com
Mon Aug 2 02:48:03 CDT 2010
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/832/
-----------------------------------------------------------
(Updated 2010-08-02 02:48:02.870578)
Review request for Asterisk Developers.
Summary (updated)
-------
Currently, we use capabilities(7) in Linux to keep certain privileges before the process changes to a non-privileged user. On other platforms, we do not support keeping those privileges which means that we cannot bind to a privileged port, set QOS, or do other operations which may require additional privileges. With seteuid(2), we can run as the nonprivileged user, and escalate to root just when we need those additional privileges.
Diffs
-----
/branches/1.8/configure UNKNOWN
/branches/1.8/configure.ac 280557
/branches/1.8/include/asterisk/autoconfig.h.in 280557
/branches/1.8/main/asterisk.c 280557
/branches/1.8/main/netsock.c 280557
/branches/1.8/main/netsock2.c 280557
Diff: https://reviewboard.asterisk.org/r/832/diff
Testing (updated)
-------
Compile testing only. Architectural review and critique requested.
Thanks,
Tilghman
More information about the asterisk-dev
mailing list