We use cookies to ensure you get the best experience on our website
Accueil Explorer Aide
S'inscrire Connexion
0ct0pu5
/
ladybird
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

Base: Run ProtocolServer as a separate "protocol" user

This is probably not the final design we'll want for this, but for now
let's run the HTTP client code as a separate user to reduce exposure
for the standard "anon" user account.

Note that "protocol" is also added to the "lookup" group, in order to
allow ProtocolServer to contact LookupServer for DNS requests.
Andreas Kling il y a 5 ans
Parent
83f59419cd
commit
d0a708fda4
3 fichiers modifiés avec 5 ajouts et 2 suppressions
Vue séparée Afficher les stats Diff
  1. 2 1
      Base/etc/SystemServer.ini
  2. 2 1
      Base/etc/group
  3. 1 0
      Base/etc/passwd

+ 2 - 1
Base/etc/SystemServer.ini
Voir le fichier 

@@ -6,10 +6,11 @@ Priority=high
 
 
 [ProtocolServer]
 
 Socket=/tmp/portal/protocol
 
+SocketPermissions=660
 
 Lazy=1
 
 Priority=low
 
 KeepAlive=1
 
-User=anon
 
+User=protocol
 
 
 [LookupServer]
 
 Socket=/tmp/portal/lookup

+ 2 - 1
Base/etc/group
Voir le fichier 

@@ -3,5 +3,6 @@ wheel:x:1:anon
 
 tty:x:2:
 
 phys:x:3:anon
 
 audio:x:4:anon
 
-lookup:x:10:anon
 
+lookup:x:10:protocol,anon
 
+protocol:x:11:anon
 
 users:x:100:anon

+ 1 - 0
Base/etc/passwd
Voir le fichier 

@@ -1,4 +1,5 @@
 
 root:x:0:0:root:/:/bin/sh
 
 lookup:x:10:10:LookupServer,,,:/:/bin/false
 
+protocol:x:11:11:ProtocolServer,,,:/:/bin/false
 
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5