-
-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support privilege dropping? #74
Comments
https://github.com/socketry/rubydns/blob/master/examples/fortune-dns.rb has an example of how to do this. |
However, it's quite an old example. Maybe can be improved somewhat by combining it with a real command processor (e.g. |
I've launched rubydns on an un privileged port (5300) and added port forwarding through iptables from port 53. This way I don't need any privileges for the server to run/restart/update/... This is an example for iptables rules:
For UFW I've created a rule too:
and for IPv6 in UFW:
|
Since RubyDNS will often bind to privileged port 53, it will be run as root. Ideally it will drop after binding.
http://timetobleed.com/5-things-you-dont-know-about-user-ids-that-will-destroy-you/
Pseudocode:
The text was updated successfully, but these errors were encountered: